CVE-2016-2297 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-2297

CWE

https://cwe.mitre.org/data/definitions/.html

Meteocontrol WEBlog Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an access command shell-like feature.

Affected Software

Name	Vendor	Start Version	End Version
Web’log_basic_100	Meteocontrol	- (including)	- (including)
Web’log_light	Meteocontrol	- (including)	- (including)
Web’log_pro	Meteocontrol	- (including)	- (including)
Web’log_pro_unlimited	Meteocontrol	- (including)	- (including)

References

http://seclists.org/fulldisclosure/2016/May/52
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
http://seclists.org/fulldisclosure/2016/May/52
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01