CVE-2018-7495

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/104190 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:advantech:webaccess_dashboard:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:advantech:webaccess_scada:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:advantech:webaccess\/nms:*:*:*:*:*:*:*:*

Information

Published : 2018-05-15 15:29

Updated : 2019-10-09 16:42


NVD link : CVE-2018-7495

Mitre link : CVE-2018-7495


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

advantech

  • webaccess_dashboard
  • webaccess\/nms
  • webaccess
  • webaccess_scada