PT-2018-18109 · Advantech · Advantech Webaccess Dashboard+3

Published

2018-05-15

·

Updated

2019-10-09

·

CVE-2018-7501

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Advantech WebAccess versions V8.2 20170817 and prior Advantech WebAccess versions V8.3.0 and prior Advantech WebAccess Dashboard versions V.2.0.15 and prior Advantech WebAccess Scada Node versions prior to 8.3.1 Advantech WebAccess/NMS 2.0.3 and prior
Description Several SQL injection vulnerabilities have been identified in Advantech WebAccess, which may allow an attacker to disclose sensitive information from the host.
Recommendations For Advantech WebAccess versions V8.2 20170817 and prior, update to a version later than V8.2 20170817. For Advantech WebAccess versions V8.3.0 and prior, update to a version later than V8.3.0. For Advantech WebAccess Dashboard versions V.2.0.15 and prior, update to a version later than V.2.0.15. For Advantech WebAccess Scada Node versions prior to 8.3.1, update to version 8.3.1 or later. For Advantech WebAccess/NMS 2.0.3 and prior, update to a version later than 2.0.3.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-7501
ZDI-18-472
ZDI-18-473
ZDI-18-474
ZDI-18-475
ZDI-18-476
ZDI-18-477
ZDI-18-478
ZDI-18-479
ZDI-18-480
ZDI-18-481
ZDI-18-482
ZDI-18-485
ZDI-18-486
ZDI-18-487
ZDI-18-488
ZDI-18-489
ZDI-18-553

Affected Products

Advantech Webaccess
Advantech Webaccess Dashboard
Advantech Webaccess Scada Node
Advantech Webaccess/Nms