CVE-2017-5154
Published: 2017-02-13
Priority P355 · critical 9.8 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.40% (90.1th percentile)
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | — | — |
CVSS provenance
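| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |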
GHSA
ghsa_unreviewed·2022-05-17
CVE-2017-5154 [CRITICAL] CWE-89 GHSA-j4r6-m4xp-qv88: An issue was discovered in Advantech WebAccess Version 8
CISA ICS
Advantech WebAccess
cisa_ics·2017-01-19
ICS Advisory
## Advantech WebAccess
Last Revised: January 19, 2017
Alert Code: ICSA-17-012-01
## CVSS V3 9.8
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Advantech
Equipment: WebAccess
Vulnerabilities: Authentication Bypass, SQL Injection
## AFFECTED PRODUCTS
The following WebAccess version is affected:
- WebAccess Version 8.1
## IMPACT
Successful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; SQL injection condition may allow remote code execution.
## MITIGATION
Advantech has produced WebAccess Version
No detection rules found.
No public exploits indexed.