Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
18 vulnerabilities found for Advantech WebAccess by Advantech
CVE-2018-15707 (GCVE-0-2018-15707)
Vulnerability from nvd – Published: 2018-10-31 22:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
Severity ?
No CVSS data available.
CWE
- Cross-site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.1 and 8.3.2
|
Date Public ?
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.1 and 8.3.2"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15707",
"datePublished": "2018-10-31T22:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:50:29.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15706 (GCVE-0-2018-15706)
Vulnerability from nvd – Published: 2018-10-31 22:00 – Updated: 2024-09-17 02:15
VLAI?
Summary
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.1 and 8.3.2
|
Date Public ?
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.1 and 8.3.2"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T21:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15706",
"datePublished": "2018-10-31T22:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:15:57.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15705 (GCVE-0-2018-15705)
Vulnerability from nvd – Published: 2018-10-31 22:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.1 and 8.3.2
|
Date Public ?
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.1 and 8.3.2"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15705",
"datePublished": "2018-10-31T22:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:59:24.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14828 (GCVE-0-2018-14828)
Vulnerability from nvd – Published: 2018-10-23 20:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
Severity ?
No CVSS data available.
CWE
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14828",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:10.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14820 (GCVE-0-2018-14820)
Vulnerability from nvd – Published: 2018-10-23 20:00 – Updated: 2024-09-16 23:05
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
Severity ?
No CVSS data available.
CWE
- CWE-73 - EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14820",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:35.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14816 (GCVE-0-2018-14816)
Vulnerability from nvd – Published: 2018-10-23 20:00 – Updated: 2024-09-17 02:01
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14816",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:48.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14806 (GCVE-0-2018-14806)
Vulnerability from nvd – Published: 2018-10-23 20:00 – Updated: 2024-09-16 20:32
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14806",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:50.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15704 (GCVE-0-2018-15704)
Vulnerability from nvd – Published: 2018-10-22 19:00 – Updated: 2024-09-16 19:15
VLAI?
Summary
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
Severity ?
No CVSS data available.
CWE
- Stack buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.2 and below
|
Date Public ?
2018-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.2 and below"
}
]
}
],
"datePublic": "2018-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-22T18:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-15704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.2 and below"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-33",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15704",
"datePublished": "2018-10-22T19:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:55.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15703 (GCVE-0-2018-15703)
Vulnerability from nvd – Published: 2018-10-22 19:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
Severity ?
No CVSS data available.
CWE
- Reflected Cross Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.2 and below
|
Date Public ?
2018-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.2 and below"
}
]
}
],
"datePublic": "2018-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-22T18:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-15703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.2 and below"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-33",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15703",
"datePublished": "2018-10-22T19:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:57:33.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15707 (GCVE-0-2018-15707)
Vulnerability from cvelistv5 – Published: 2018-10-31 22:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
Severity ?
No CVSS data available.
CWE
- Cross-site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.1 and 8.3.2
|
Date Public ?
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.1 and 8.3.2"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15707",
"datePublished": "2018-10-31T22:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:50:29.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15706 (GCVE-0-2018-15706)
Vulnerability from cvelistv5 – Published: 2018-10-31 22:00 – Updated: 2024-09-17 02:15
VLAI?
Summary
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.1 and 8.3.2
|
Date Public ?
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.1 and 8.3.2"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T21:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15706",
"datePublished": "2018-10-31T22:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:15:57.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15705 (GCVE-0-2018-15705)
Vulnerability from cvelistv5 – Published: 2018-10-31 22:00 – Updated: 2024-09-16 17:59
VLAI?
Summary
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.1 and 8.3.2
|
Date Public ?
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.1 and 8.3.2"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"name": "45774",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15705",
"datePublished": "2018-10-31T22:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:59:24.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14816 (GCVE-0-2018-14816)
Vulnerability from cvelistv5 – Published: 2018-10-23 20:00 – Updated: 2024-09-17 02:01
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-121 - STACK-BASED BUFFER OVERFLOW CWE-121
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "STACK-BASED BUFFER OVERFLOW CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14816",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:01:48.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14806 (GCVE-0-2018-14806)
Vulnerability from cvelistv5 – Published: 2018-10-23 20:00 – Updated: 2024-09-16 20:32
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- CWE-22 - IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14806",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:50.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14820 (GCVE-0-2018-14820)
Vulnerability from cvelistv5 – Published: 2018-10-23 20:00 – Updated: 2024-09-16 23:05
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
Severity ?
No CVSS data available.
CWE
- CWE-73 - EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14820",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:05:35.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14828 (GCVE-0-2018-14828)
Vulnerability from cvelistv5 – Published: 2018-10-23 20:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
Severity ?
No CVSS data available.
CWE
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
WebAccess Versions 8.3.1 and prior
|
Date Public ?
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "WebAccess Versions 8.3.1 and prior"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-25T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "1041939",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C"
},
{
"name": "105728",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14828",
"datePublished": "2018-10-23T20:00:00.000Z",
"dateReserved": "2018-08-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:10.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15703 (GCVE-0-2018-15703)
Vulnerability from cvelistv5 – Published: 2018-10-22 19:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
Severity ?
No CVSS data available.
CWE
- Reflected Cross Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.2 and below
|
Date Public ?
2018-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.2 and below"
}
]
}
],
"datePublic": "2018-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-22T18:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-15703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.2 and below"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-33",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15703",
"datePublished": "2018-10-22T19:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:57:33.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15704 (GCVE-0-2018-15704)
Vulnerability from cvelistv5 – Published: 2018-10-22 19:00 – Updated: 2024-09-16 19:15
VLAI?
Summary
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
Severity ?
No CVSS data available.
CWE
- Stack buffer overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Advantech | Advantech WebAccess |
Affected:
8.3.2 and below
|
Date Public ?
2018-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Advantech WebAccess",
"vendor": "Advantech",
"versions": [
{
"status": "affected",
"version": "8.3.2 and below"
}
]
}
],
"datePublic": "2018-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-22T18:57:01.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-15704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.2 and below"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-33",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15704",
"datePublished": "2018-10-22T19:00:00.000Z",
"dateReserved": "2018-08-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:15:55.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}