PT-2020-12245 · Advantech · Webaccess/Nms

Published

2020-04-08

Updated

2020-04-09

CVE-2020-10617

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/NMS versions prior to 3.0.2

Description The issue allows an unauthenticated attacker to perform SQL injection, potentially gaining access to sensitive information. This can be achieved through multiple methods.

Recommendations For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to prevent SQL injection attacks.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-10617

ZDI-20-374

ZDI-20-375

ZDI-20-376

ZDI-20-377

ZDI-20-378

ZDI-20-380

ZDI-20-381

ZDI-20-388

ZDI-20-390

ZDI-20-391

ZDI-20-392

ZDI-20-393

ZDI-20-394

ZDI-20-395

ZDI-20-396

ZDI-20-399

ZDI-20-401

ZDI-20-403

ZDI-20-404

ZDI-20-407

ZDI-20-408

ZDI-20-409

ZDI-20-410

ZDI-20-411

ZDI-20-412

ZDI-20-415

ZDI-20-416

ZDI-20-417

ZDI-20-418

ZDI-20-419

ZDI-20-422

ZDI-20-423

ZDI-20-424

ZDI-20-425

ZDI-20-426

ZDI-20-427

ZDI-20-428

ZDI-20-429

ZDI-20-430

ZDI-20-431

ZDI-20-432

ZDI-20-433

ZDI-20-434

ZDI-20-435

ZDI-20-436

ZDI-20-437

ZDI-20-438

ZDI-20-439

ZDI-20-440

ZDI-20-441

ZDI-20-442

ZDI-20-443

ZDI-20-445

Affected Products

Webaccess/Nms

PT-2020-12245 · Advantech · Webaccess/Nms

CVE-2020-10617

Weakness Enumeration

Related Identifiers

Affected Products

References · 57