PT-2016-4422 · Advantech · Advantech Webaccess

Kimiya +1 · Published 2016-01-15 · Updated 2016-12-03 · CVE-2016-0855

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess versions prior to 8.1

Description

The issue allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. It also enables directory traversal, which can lead to arbitrary file deletion, denial of service, and information disclosure. The vulnerability is related to the Dashboard Viewer and affects various functions such as addFolder, removeFolder, openWidget, and removeFile.

Recommendations

For Advantech WebAccess versions prior to 8.1, update to version 8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Dashboard Viewer functions, specifically addFolder, removeFolder, openWidget, and removeFile, until a patch is available.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2016-0855
ZDI-16-122
ZDI-16-123
ZDI-16-124
ZDI-16-125
ZDI-16-126

Affected Products

Advantech Webaccess