{"api_version":"1","generated_at":"2026-07-05T19:33:18+00:00","cve":"CVE-2016-9339","urls":{"html":"https://cve.report/CVE-2016-9339","api":"https://cve.report/api/cve/CVE-2016-9339.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9339","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9339"},"summary":{"title":"CVE-2016-9339","description":"An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.","state":"PUBLISHED","assigner":"icscert","published_at":"2017-02-13 21:59:01","updated_at":"2025-04-20 01:37:25"},"problem_types":["CWE-22","INTERSCHALT VDR G4e Path Traversal Vulnerability"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04","name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"INTERSCHALT VDR G4e Path Traversal Vulnerability | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/94776","name":"http://www.securityfocus.com/bid/94776","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"INTERSCHALT VDR G4e CVE-2016-9339 Directory Traversal Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9339","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9339","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"INTERSCHALT VDR G4e 5.220 and prior","version":"affected INTERSCHALT VDR G4e 5.220 and prior","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9339","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"macgregor","cpe5":"interschalt_vdr_g4e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9339","vulnerable":"1","versionEndIncluding":"5.220","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"macgregor","cpe5":"interschalt_vdr_g4e_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T02:50:36.987Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"94776","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/94776"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"INTERSCHALT VDR G4e 5.220 and prior","vendor":"n/a","versions":[{"status":"affected","version":"INTERSCHALT VDR G4e 5.220 and prior"}]}],"datePublic":"2017-02-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal."}],"problemTypes":[{"descriptions":[{"description":"INTERSCHALT VDR G4e Path Traversal Vulnerability","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-02-14T10:57:01.000Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"name":"94776","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/94776"},{"tags":["x_refsource_MISC"],"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2016-9339","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"INTERSCHALT VDR G4e 5.220 and prior","version":{"version_data":[{"version_value":"INTERSCHALT VDR G4e 5.220 and prior"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"INTERSCHALT VDR G4e Path Traversal Vulnerability"}]}]},"references":{"reference_data":[{"name":"94776","refsource":"BID","url":"http://www.securityfocus.com/bid/94776"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04"}]}}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2016-9339","datePublished":"2017-02-13T21:00:00.000Z","dateReserved":"2016-11-16T00:00:00.000Z","dateUpdated":"2024-08-06T02:50:36.987Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2017-02-13 21:59:01","lastModifiedDate":"2025-04-20 01:37:25","problem_types":["CWE-22","INTERSCHALT VDR G4e Path Traversal Vulnerability"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:macgregor:interschalt_vdr_g4e_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"5.220","matchCriteriaId":"CED0AFF1-D11B-4D5A-AEFF-0ADDCB5F6947"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:macgregor:interschalt_vdr_g4e:-:*:*:*:*:*:*:*","matchCriteriaId":"BF42A648-D783-4FCB-BE6A-C9D0EF0EB2F6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9339","Ordinal":"1","Title":"CVE-2016-9339","CVE":"CVE-2016-9339","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9339","Ordinal":"1","NoteData":"An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal.","Type":"Description","Title":"CVE-2016-9339"},{"CveYear":"2016","CveId":"9339","Ordinal":"2","NoteData":"2017-02-13","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9339","Ordinal":"3","NoteData":"2017-02-14","Type":"Other","Title":"Modified"}]}}}