ID
VAR-201702-0082
CVE
CVE-2016-8378
TITLE
Lynxspring JENEsys BAS Bridge Security Bypass Vulnerability
Trust: 1.4
DESCRIPTION
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials. Lynxspring is an American company. BAS Bridge is a web-based SCADA system. BAS server deployment areas include commercial facilities, manufacturing, energy, water and wastewater systems, and more. Lynxspring JENEsys BAS Bridge has a security bypass vulnerability. An attacker exploits a vulnerability to obtain a certificate of authentication, bypassing the verification. A privilege-escalation vulnerability 2. An authentication-bypass vulnerability 3. A security-bypass vulnerability 3. A cross-site request-forgery vulnerability An attackers may exploit these issues to gain unauthorized access to restricted content, bypass intended security restrictions, gain elevated privileges or perform certain unauthorized actions and gain access to the affected application that may aid in launching further attacks
Trust: 2.61
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | lynxspring | model: | jenesys bas bridge | scope: | lte | version: | 1.1.8 | Trust: 1.8 |
| vendor: | lynxspring | model: | bas bridge | scope: | eq | version: | 1.1.8 | Trust: 0.9 |
| vendor: | lynxspring | model: | jenesys bas bridge | scope: | eq | version: | 1.1.8 | Trust: 0.6 |
| vendor: | jenesys bas bridge | model: | - | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Trust management
Trust: 0.8
CONFIGURATIONS
PATCH
| title: | Top Page | url: | http://www.lynxspring.com/ | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-8378 | Trust: 3.5 |
| db: | ICS CERT | id: | ICSA-16-320-01 | Trust: 3.3 |
| db: | BID | id: | 94344 | Trust: 2.5 |
| db: | CNVD | id: | CNVD-2016-11244 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201611-548 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2016-007649 | Trust: 0.8 |
| db: | IVD | id: | 6F6DE983-3195-42D1-AA06-3918A78A1EDC | Trust: 0.2 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsa-16-320-01 | Trust: 3.3 |
| url: | http://www.securityfocus.com/bid/94344 | Trust: 1.6 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8378 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8378 | Trust: 0.8 |
| url: | http://www.lynxspring.com/technology/jenesys | Trust: 0.3 |
CREDITS
Maxim Rupp
Trust: 0.9
SOURCES
| db: | IVD | id: | 6f6de983-3195-42d1-aa06-3918a78a1edc |
| db: | CNVD | id: | CNVD-2016-11244 |
| db: | BID | id: | 94344 |
| db: | JVNDB | id: | JVNDB-2016-007649 |
| db: | CNNVD | id: | CNNVD-201611-548 |
| db: | NVD | id: | CVE-2016-8378 |
LAST UPDATE DATE
2025-04-20T23:29:45.785000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-11244 | date: | 2016-11-17T00:00:00 |
| db: | BID | id: | 94344 | date: | 2016-11-24T01:10:00 |
| db: | JVNDB | id: | JVNDB-2016-007649 | date: | 2017-03-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-548 | date: | 2016-11-25T00:00:00 |
| db: | NVD | id: | CVE-2016-8378 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | IVD | id: | 6f6de983-3195-42d1-aa06-3918a78a1edc | date: | 2016-11-17T00:00:00 |
| db: | CNVD | id: | CNVD-2016-11244 | date: | 2016-11-17T00:00:00 |
| db: | BID | id: | 94344 | date: | 2016-11-15T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-007649 | date: | 2017-03-08T00:00:00 |
| db: | CNNVD | id: | CNNVD-201611-548 | date: | 2016-11-25T00:00:00 |
| db: | NVD | id: | CVE-2016-8378 | date: | 2017-02-13T21:59:01.393 |