PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-9351 Advantech CVE debrief

CVE-2016-9351 is a high-severity weakness in Advantech SUISAccess Server version 3.0 and earlier. The issue is described as a directory traversal/file upload error that allows an attacker to upload and unpack a ZIP file. NVD maps the flaw to CWE-22 (Path Traversal) and gives it a CVSS 3.0 vector of AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating serious potential impact if an attacker can reach the vulnerable functionality. The practical concern is that file handling logic may be bypassed so content is written or extracted outside the intended location. In industrial or server environments, that can threaten integrity and availability of the affected system and the data it manages. The supplied official references include an ICS-CERT advisory and a SecurityFocus BID entry, which reinforce that this is a vulnerability administrators should treat as actionable on any exposed or in-use SUISAccess deployment.

Vendor
Advantech
Product
CVE-2016-9351
CVSS
HIGH 7
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-13
Original CVE updated
2026-05-13
Advisory published
2017-02-13
Advisory updated
2026-05-13

Who should care

Administrators and operators running Advantech SUISAccess Server 3.0 or earlier, especially in industrial, OT, or otherwise high-trust environments where file upload and archive handling are enabled. Security teams responsible for Windows/server application hardening, vulnerability management, and ICS asset inventories should also review exposure.

Technical summary

NVD records CVE-2016-9351 for cpe:2.3:a:advantech:susiaccess:* with vulnerable versions through 3.0. The weakness is a directory traversal/file upload error that can permit a ZIP archive to be uploaded and unpacked outside the intended directory boundary. NVD classifies the issue as CWE-22 and assigns CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The corpus does not include a vendor patch bulletin or remediation steps, so defensive guidance should focus on validating exposure, restricting access, and applying any vendor or ICS-CERT mitigation guidance available from the referenced advisory.

Defensive priority

High. The CVSS score is 7.0 and the NVD vector indicates high impact once the vulnerable path is reachable. Prioritize inventorying affected SUISAccess deployments, confirming whether version 3.0 or earlier is present, and reviewing the ICS-CERT advisory for mitigation guidance.

Recommended defensive actions

  • Inventory all Advantech SUISAccess Server installations and confirm whether any instance is version 3.0 or earlier.
  • Review the ICS-CERT advisory ICSA-16-336-04 for mitigation guidance and any vendor-recommended workaround or update path.
  • Restrict local and administrative access to the affected application and limit who can invoke file upload or archive handling features.
  • Monitor for unexpected ZIP uploads, unusual extraction paths, or new files appearing outside approved application directories.
  • Apply application allowlisting, filesystem permissions, and least-privilege controls to reduce the blast radius of path traversal or archive extraction flaws.
  • If the product is no longer required, plan replacement or decommissioning to eliminate exposure.

Evidence notes

The vulnerability description, affected product scope, and severity come from the supplied NVD record. NVD lists vulnerable CPE criteria for advantech:susiaccess through version 3.0, classifies the weakness as CWE-22, and assigns CVSS 3.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The supplied reference set includes an ICS-CERT advisory (ICSA-16-336-04), a SecurityFocus BID entry, and an Exploit-DB reference, but this debrief avoids relying on unsupported exploit details.

Official resources

CVE published in NVD on 2017-02-13. The supplied record was modified on 2026-05-13. The official reference set points to an ICS-CERT advisory (ICSA-16-336-04) and related third-party entries.