PT-2018-18105 · Advantech · Advantech Webaccess Dashboard+3

Steven Seeley

·

Published

2018-05-15

·

Updated

2019-10-09

·

CVE-2018-7497

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions V8.2 20170817 and prior Advantech WebAccess versions V8.3.0 and prior Advantech WebAccess Dashboard versions V.2.0.15 and prior Advantech WebAccess Scada Node versions prior to 8.3.1 Advantech WebAccess/NMS versions 2.0.3 and prior
Description The issue is related to untrusted pointer dereference vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
Recommendations For Advantech WebAccess versions V8.2 20170817 and prior, update to a version later than V8.2 20170817. For Advantech WebAccess versions V8.3.0 and prior, update to a version later than V8.3.0. For Advantech WebAccess Dashboard versions V.2.0.15 and prior, update to a version later than V.2.0.15. For Advantech WebAccess Scada Node versions prior to 8.3.1, update to version 8.3.1 or later. For Advantech WebAccess/NMS versions 2.0.3 and prior, update to a version later than 2.0.3.

Fix

NULL Pointer Dereference

Untrusted Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-822

Related Identifiers

CVE-2018-7497
ZDI-18-484
ZDI-18-491
ZDI-18-492
ZDI-18-493
ZDI-18-494
ZDI-18-495
ZDI-18-496
ZDI-18-526

Affected Products

Advantech Webaccess
Advantech Webaccess Dashboard
Advantech Webaccess Scada Node
Advantech Webaccess/Nms