CVE-2016-5801 Omnimetrix CVE debrief

Who should care

Administrators and operators responsible for OmniMetrix OmniView 1.2 web application accounts, especially anyone relying on the application’s authentication controls.

Technical summary

The supplied NVD record identifies a weakness in OmniView 1.2 where password requirements are too weak to resist brute-force attempts against account credentials. The record classifies the issue as network-exploitable with no privileges or user interaction required (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), and the primary impact is confidentiality exposure. The vulnerable CPE listed in the record is cpe:2.3:a:omnimetrix:omniview:1.2:*:*:*:*:*:*:*.

Defensive priority

High

Recommended defensive actions

• Review the ICS-CERT mitigation guidance referenced for this issue and apply any vendor or advisory-recommended remediation.
• Strengthen authentication controls for OmniView accounts, including stronger password policy requirements.
• Add rate limiting, lockout, or other brute-force throttling controls where supported.
• Audit account access logs for repeated failed login attempts and unusual authentication patterns.
• Restrict access to the OmniView web application to only necessary users and networks.
• If the affected version must remain in service, compensate with layered access controls and monitoring.

Evidence notes

The evidence in the supplied corpus comes from the NVD record and its listed references. NVD describes the issue as “insufficient password requirements” in OmniView 1.2 that may enable brute-force access. The record also lists CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, CWE-284, and the vulnerable CPE for OmniView 1.2. Related references include SecurityFocus BID 94937 and ICS-CERT advisory ICSA-16-350-02.

Official resources