Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname.Referenceshttp://www.zerodayinitiative.com/advisories/ZDI-16-403https://ics-cert.us-cert.gov/advisories/ICSA-16-159-01http://www.securityfocus.com/bid/91077
