CVE-2018-8841
Published 2018-05-15
Priority: P339, high, 7.8 (CVSS 3.0)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.36% (28.1th percentile)
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | webaccess | <= 8.2_20170817 | — |
| advantech | webaccess | <= 8.3.0 | — |
| advantech | webaccess | — | — |
| advantech | webaccess_dashboard | <= 2.0.15 | — |
| advantech | webaccess_nms | <= 2.0.3 | — |
| advantech | webaccess_scada | < 8.3.1 | 8.3.1 |
CVSS provenance
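| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |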
CISA ICS
Advantech WebAccess
cisa_ics·2018-05-18·CVSS 7.5
[HIGH] Advantech WebAccess
ICS Advisory
## Advantech WebAccess
Last Revised: May 18, 2018
Alert Code: ICSA-18-135-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Remotely exploitable/low skill level to exploit
- Vendor: Advantech
- Equipment: WebAccess
- Vulnerabilities: SQL Injection, Improper Authorization, Path Traversal, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Improper Privilege Management, and External Control of File Name or Path
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information fro
GHSA
GHSA-5rwg-3977-9qwq: In Advantech WebAccess versions V8
ghsa_unreviewed·2022-05-13
CVE-2018-8841 [HIGH] CWE-269 GHSA-5rwg-3977-9qwq: In Advantech WebAccess versions V8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.