CVE-2018-10590
Published 2018-05-15
Priority: P3 · 42 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.71% (74.4th percentile)
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.2_20170817 | — |
| advantech | webaccess | <= 8.3.0 | — |
| advantech | webaccess | — | — |
| advantech | webaccess_dashboard | <= 2.0.15 | — |
| advantech | webaccess_nms | <= 2.0.3 | — |
| advantech | webaccess_scada | < 8.3.1 | 8.3.1 |
CVSS provenance
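| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |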
GHSA
GHSA-mhjp-xc38-m6xr: In Advantech WebAccess versions V8
ghsa_unreviewed·2022-05-13
CVE-2018-10590 [HIGH] CWE-538 GHSA-mhjp-xc38-m6xr: In Advantech WebAccess versions V8
CISA ICS
Advantech WebAccess
cisa_ics·2018-05-18·CVSS 7.5
[HIGH] Advantech WebAccess
ICS Advisory
## Advantech WebAccess
Last Revised: May 18, 2018
Alert Code: ICSA-18-135-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Remotely exploitable/low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess
- Vulnerabilities: SQL Injection, Improper Authorization, Path Traversal, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Improper Privilege Management, and External Control of File Name or Path
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information fro
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.