PatchSiren

CVE-2016-8357 Lynxspring CVE debrief

CVE-2016-8357 affects Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. According to NVD, a user with read-only access can send commands that the application accepts, which can let an attacker make changes inside the application despite having only limited privileges.

Vendor: Lynxspring
Product: JENEsys BAS Bridge
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2016-08-19
Original CVE updated: 2025-06-05
Advisory published: 2016-08-19
Advisory updated: 2025-06-05

Who should care

Administrators, integrators, and operators responsible for Lynxspring JENEsys BAS Bridge deployments, especially environments that rely on read-only roles or segregated operator permissions.

Technical summary

NVD describes the flaw as an authorization/privilege-control failure in Lynxspring JENEsys BAS Bridge versions through 1.1.8. The listed CVSS v3.0 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N, reflecting that a low-privileged network user can send commands that are accepted by the application. NVD maps the issue to CWE-264.

Defensive priority

High. The issue allows privilege abuse with potential integrity impact, so affected systems should be assessed promptly and access controls reviewed.

Recommended defensive actions

  • Identify all Lynxspring JENEsys BAS Bridge installations and confirm whether any are version 1.1.8 or older.
  • Review read-only roles and authorization rules to ensure those accounts cannot submit commands or perform state-changing actions.
  • Restrict network access to the application to trusted administrative or operational segments only.
  • Follow the mitigation guidance in the linked ICS-CERT advisory and vendor references.
  • Monitor for unauthorized command activity or unexpected configuration changes on affected systems.
  • Upgrade or replace affected software if a fixed version or vendor remediation is available through official channels.

Evidence notes

The debrief is based on the NVD CVE record and the linked ICS-CERT/security reference material included in the source corpus. The vulnerability description explicitly states that read-only users can send commands that are accepted by the application, and NVD lists affected versions as through 1.1.8 with CVSS 7.1 HIGH.

Official resources

Published by NVD on 2017-02-13T21:59:00.923Z; last modified on 2026-05-13T00:24:29.033Z.