PT-2018-18658 · Advantech · Advantech Webaccess Dashboard+3
Steven Seeley
·
Published
2018-05-15
·
Updated
2020-09-29
·
CVE-2018-8845
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Advantech WebAccess versions V8.2 20170817 and prior
Advantech WebAccess versions V8.3.0 and prior
Advantech WebAccess Dashboard versions V.2.0.15 and prior
Advantech WebAccess Scada Node versions prior to 8.3.1
Advantech WebAccess/NMS versions 2.0.3 and prior
Description
A heap-based buffer overflow issue has been identified, which may allow an attacker to execute arbitrary code. The
strcpy function is vulnerable to a heap-based buffer overflow, potentially enabling remote code execution.Recommendations
For Advantech WebAccess versions V8.2 20170817 and prior, update to a version later than V8.2 20170817.
For Advantech WebAccess versions V8.3.0 and prior, update to a version later than V8.3.0.
For Advantech WebAccess Dashboard versions V.2.0.15 and prior, update to a version later than V.2.0.15.
For Advantech WebAccess Scada Node versions prior to 8.3.1, update to version 8.3.1 or later.
For Advantech WebAccess/NMS versions 2.0.3 and prior, update to a version later than 2.0.3.
Fix
Memory Corruption
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Advantech Webaccess
Advantech Webaccess Dashboard
Advantech Webaccess Scada Node
Advantech Webaccess/Nms