PT-2017-2819 · Advantech · Advantech Webaccess

Published

2017-08-09

Updated

2019-10-09

CVE-2017-12698

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions prior to V8.2 20170817

Description An issue with improper authentication was found, allowing specially crafted requests to bypass authentication, which could enable remote code execution. The vulnerability is related to deficiencies in the authentication procedure, potentially allowing a remote attacker to execute arbitrary code using specially crafted requests.

Recommendations For Advantech WebAccess versions prior to V8.2 20170817, update to version V8.2 20170817 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.

Fix

RCE

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2017-02096

CVE-2017-12698

Affected Products

Advantech Webaccess

PT-2017-2819 · Advantech · Advantech Webaccess

CVE-2017-12698

Weakness Enumeration

Related Identifiers

Affected Products

References · 5