Details of VAR-201702-0925

ID

VAR-201702-0925

CVE

CVE-2016-9339

TITLE

INTERSCHALT Maritime Systems VDR G4e Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-007849

DESCRIPTION

An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal. INTERSCHALT VDR G4e is prone to a directory-traversal vulnerability An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks. INTERSCHALT Maritime Systems VDR G4e is a marine voyage data recorder from INTERSCHALT Maritime Systems, Germany

Trust: 1.98

sources: NVD: CVE-2016-9339 // JVNDB: JVNDB-2016-007849 // BID: 94776 // VULHUB: VHN-98159

AFFECTED PRODUCTS

vendor:	macgregor	model:	interschalt vdr g4e	scope:	lte	version:	5.220	Trust: 1.0
vendor:	interschalt maritime	model:	vdr g4e	scope:	eq	version:	5.220	Trust: 0.9
vendor:	interschalt maritime	model:	vdr g4e	scope:	-	version:	-	Trust: 0.8
vendor:	interschalt maritime	model:	vdr g4e	scope:	lte	version:	5.220	Trust: 0.8

sources: BID: 94776 // JVNDB: JVNDB-2016-007849 // CNNVD: CNNVD-201612-232 // NVD: CVE-2016-9339

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9339
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-9339
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201612-232
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-98159
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9339
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-98159
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9339
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2016-9339
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-98159 // JVNDB: JVNDB-2016-007849 // CNNVD: CNNVD-201612-232 // NVD: CVE-2016-9339

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-98159 // JVNDB: JVNDB-2016-007849 // NVD: CVE-2016-9339

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-232

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201612-232

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007849

PATCH

title:	Top Page	url:	http://www.interschalt.com/	Trust: 0.8
title:	INTERSCHALT VDR G4e Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66269	Trust: 0.6

sources: JVNDB: JVNDB-2016-007849 // CNNVD: CNNVD-201612-232

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9339	Trust: 2.8
db:	ICS CERT	id:	ICSA-16-343-04	Trust: 2.8
db:	BID	id:	94776	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-007849	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-232	Trust: 0.7
db:	VULHUB	id:	VHN-98159	Trust: 0.1

sources: VULHUB: VHN-98159 // BID: 94776 // JVNDB: JVNDB-2016-007849 // CNNVD: CNNVD-201612-232 // NVD: CVE-2016-9339

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-343-04	Trust: 2.8
url:	http://www.securityfocus.com/bid/94776	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9339	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9339	Trust: 0.8
url:	http://www.interschalt.com/fileadmin/dateien/media-pdf/systems/is_datasheet_vdr_g4e.pdf	Trust: 0.3

sources: VULHUB: VHN-98159 // BID: 94776 // JVNDB: JVNDB-2016-007849 // CNNVD: CNNVD-201612-232 // NVD: CVE-2016-9339

CREDITS

Maxim Rupp

Trust: 0.3

sources: BID: 94776

SOURCES

db:	VULHUB	id:	VHN-98159
db:	BID	id:	94776
db:	JVNDB	id:	JVNDB-2016-007849
db:	CNNVD	id:	CNNVD-201612-232
db:	NVD	id:	CVE-2016-9339

LAST UPDATE DATE

2025-04-20T23:05:27.066000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-98159	date:	2017-03-03T00:00:00
db:	BID	id:	94776	date:	2016-12-20T01:08:00
db:	JVNDB	id:	JVNDB-2016-007849	date:	2017-03-24T00:00:00
db:	CNNVD	id:	CNNVD-201612-232	date:	2016-12-12T00:00:00
db:	NVD	id:	CVE-2016-9339	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-98159	date:	2017-02-13T00:00:00
db:	BID	id:	94776	date:	2016-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-007849	date:	2017-03-24T00:00:00
db:	CNNVD	id:	CNNVD-201612-232	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-9339	date:	2017-02-13T21:59:01.657