CVE-2016-5793

Published: Sep 24, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

Affected (1)

Products: Moxa: Active Opc Server

Moxa

1 product

Active Opc Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Moxa Active Opc Server	Up to 2.4.18

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (4)

http://www.securityfocus.com/bid/93046

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-16-264-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/93046

Source: af854a3a-2127-422b-91ae-364da2661108

https://ics-cert.us-cert.gov/advisories/ICSA-16-264-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.