INTERSCHALT Clears Path Traversal

Thursday, December 8, 2016 @ 05:12 PM gHale

INTERSCHALT created a patch to mitigate a path traversal vulnerability in its Maritime Systems’ (INTERSCHALT) VDR G4e application, according to a report with ICS-CERT.

Maxim Rupp, who discovered the issue, has tested the patch to validate that it resolves the remotely exploitable vulnerability.


VDR G4e Versions 5.220 and prior suffer from the issue.

Successful exploitation of this vulnerability could allow an attacker to read/download arbitrary files from the target host.

INTERSCHALT is a German-based company that maintains offices in several countries around the world, including the United States, China, and Germany.

The affected product, VDR G4e, is a maritime voyage data recorder. According to INTERSCHALT, VDR G4e sees action in the Transportation Systems sector. INTERSCHALT estimates this product sees use primarily in the United States and Europe with a small percentage in Asia.

If external input is used to construct paths to files and directories without properly neutralizing special elements within the pathname, an attacker could read files on the system.
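The pattern described above, as an added example that is not INTERSCHALT's code or part of the advisory: a resolver that joins input unchecked, beside one that canonicalizes the path and verifies it stays inside the served directory. The function names, directory layout and sample requests are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
from urllib.parse import unquote

class PathTraversalError(ValueError):
    """Raised when a requested path resolves outside the served directory."""

def naive_resolve(base_dir, requested):
    # Vulnerable pattern: external input is joined to the base unchecked,
    # so "../" sequences or an absolute path can leave base_dir.
    return os.path.join(base_dir, requested)

def safe_resolve(base_dir, requested):
    # Decode once (as a web server would), then reject embedded NUL bytes.
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the check is made.
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath avoids the prefix bug where a sibling such as "data-old"
    # passes a naive startswith("<root>/data") test.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{requested!r} escapes {base_dir!r}")
    return candidate

def check_requests(base_dir, requests):
    """Return {request: True if allowed, False if rejected}."""
    results = {}
    for req in requests:
        try:
            safe_resolve(base_dir, req)
            results[req] = True
        except PathTraversalError:
            results[req] = False
    return results

# Constructed sample inputs, not taken from the advisory or the product.
SAMPLE_REQUESTS = [
    "logs/voyage.txt",         # stays inside the base directory
    "../outside.txt",          # plain parent-directory element
    "logs/../../outside.txt",  # climbs out after entering a subdirectory
    "%2e%2e/outside.txt",      # percent-encoded ".."
    "/etc/hostname",           # absolute path replaces the base in join()
    "../data-old/file.txt",    # sibling directory sharing the base's prefix
]
```

The containment check runs on the canonical path, so a symlink inside the served directory that points elsewhere is rejected as well.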

CVE-2016-9339 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit this vulnerability.

INTERSCHALT recommends that affected users update their devices to Version 5.230 as soon as possible.
