PT-2018-18109 · Advantech · Advantech Webaccess Dashboard+3
Publicado
2018-05-15
·
Atualizado
2019-10-09
·
CVE-2018-7501
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess versions V8.2 20170817 and prior
Advantech WebAccess versions V8.3.0 and prior
Advantech WebAccess Dashboard versions V.2.0.15 and prior
Advantech WebAccess Scada Node versions prior to 8.3.1
Advantech WebAccess/NMS 2.0.3 and prior
Description
Several SQL injection vulnerabilities have been identified in Advantech WebAccess, which may allow an attacker to disclose sensitive information from the host.
Recommendations
For Advantech WebAccess versions V8.2 20170817 and prior, update to a version later than V8.2 20170817.
For Advantech WebAccess versions V8.3.0 and prior, update to a version later than V8.3.0.
For Advantech WebAccess Dashboard versions V.2.0.15 and prior, update to a version later than V.2.0.15.
For Advantech WebAccess Scada Node versions prior to 8.3.1, update to version 8.3.1 or later.
For Advantech WebAccess/NMS 2.0.3 and prior, update to a version later than 2.0.3.
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Advantech Webaccess
Advantech Webaccess Dashboard
Advantech Webaccess Scada Node
Advantech Webaccess/Nms