Z0Mb1E

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0 **Description** Multiple relative path traversal vulnerabilities exist, allowing a low-privilege user to overwrite files outside the application's control. The issue affects the WebAccess/SCADA ViewSrv and DrawSrv, where an IOCTL 0x0000277d directory traversal remote code execution vulnerability is present. **Recommendations** For Advantech WebAccess Node versions 8.4.4 and prior, consider restricting access to sensitive files and directories to minimize the risk of exploitation. For Advantech WebAccess Node version 9.0.0, restrict access to the vulnerable IOCTL 0x0000277d to prevent remote code execution. As a temporary workaround, consider disabling the `DrawSrv` and `ViewSrv` services until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess Node versions 8.4.4 and prior, Version 9.0.0 **Description** The issue is caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution due to multiple heap-based buffer overflow vulnerabilities. **Recommendations** For Advantech WebAccess Node versions 8.4.4 and prior, Version 9.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0 **Description** Multiple stack-based buffer overflow vulnerabilities exist due to a lack of proper validation of the length of user-supplied data, which may allow remote code execution. **Recommendations** For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, update to a version later than 9.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the affected system until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0 **Description** Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. The issue affects the WebAccess/SCADA system, including components such as DATACORE, ViewSrv, and DrawSrv, which are vulnerable to directory traversal and command injection attacks. **Recommendations** For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, update to a version later than 9.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable IOCTL endpoints, such as 0x0000791e and 0x00002711, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0 **Description** The issue arises from improper input sanitization, which may allow an attacker to inject SQL commands. This can lead to SQL injection and information disclosure vulnerabilities. Specifically, certain IOCTL commands, such as `IOCTL 0x00013c74`, `IOCTL 0x00013c75`, `IOCTL 0x00013c71`, `IOCTL 0x00013c76`, and `IOCTL 0x00013c77`, are affected. **Recommendations** For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, consider disabling the `BwWebSvc` service until a patch is available. As a temporary workaround, restrict access to the affected IOCTL commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0 **Description** An out-of-bounds vulnerability exists that may allow access to unauthorized data. This issue affects the WebAccess/SCADA system, specifically the DrawSrv and ViewSrv components, which can be exploited through the IOCTL 0x00002722, leading to an out-of-bounds read information disclosure. **Recommendations** For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, consider disabling the DrawSrv and ViewSrv components as a temporary workaround until a patch is available. Restrict access to the IOCTL 0x00002722 to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advantech WebAccess Node versions 8.4.4 and prior Advantech WebAccess Node version 9.0.0 **Description** An improper validation issue exists, allowing an attacker to inject specially crafted input into memory where it can be executed. This could potentially lead to remote code execution. **Recommendations** For Advantech WebAccess Node versions 8.4.4 and prior, update to a version later than 8.4.4 to resolve the issue. For Advantech WebAccess Node version 9.0.0, consider disabling any functionality related to the improper validation of array indices until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech DiagAnywhere Server versions 3.07.11 and prior **Description** The issue is related to multiple stack-based buffer overflow vulnerabilities in the file transfer service of Advantech DiagAnywhere Server. These vulnerabilities could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running the server. The vulnerabilities exist in various functions, including FOLDER CREATE, FILE OPEN RO, FOLDER REMOVE, FILE CREATE, and SET CURR DIR. **Recommendations** For Advantech DiagAnywhere Server versions 3.07.11 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.