SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-456818084] VideoInsight Web Client

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2017-01-12 | Other | VideoInsight | Juan Pablo Lopez Yacubian reported this vulnerability and has tested the patch. | N/A | CVE-2017-5151 | N/A | N/A | N/A |

Source

#
# VideoInsight Web Client
#


### VULNERABLE VENDOR
VideoInsight


### VULNERABLE PRODUCT
Web Client
 


### RESEARCHER
Juan Pablo Lopez Yacubian reported this vulnerability and has tested the patch.



### AFFECTED PRODUCTS

The following Web Client versions are affected:

Web Client Version 6.3.5.11 and previous versions.



### IMPACT

A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands on the target system.



### VULNERABILITY OVERVIEW

SQL INJECTION CWE-89
A SQL Injection vulnerability has been identified, which may allow remote code execution.
CVE-2017-5151 has been assigned to this vulnerability.
A CVSS v3 base score of 7.3 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).





### BACKGROUND



### MITIGATION

VideoInsight has produced a new version that addresses the reported vulnerability.

The latest Version 6.3.6.11 is available on the download portal at the following link: www.downloadvi.com