CVE-2018-14820 – Advantech WebAccess Node drawsrv Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2018-14820
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Advantech WebAccess 8.3.1 y anteriores tiene un componente .dll que es susceptible a una vulnerabilidad de control externo de ruta o nombre de archivo, lo que podría permitir la eliminación de un archivo arbitrario al procesarse. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/105728 http://www.securitytracker.com/id/1041939 https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVE-2018-15704
https://notcve.org/view.php?id=CVE-2018-15704
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. Advantech WebAccess 8.3.2 y anteriores es vulnerable a un desbordamiento de búfer basado en pila. Un atacante autenticado remoto podría explotar esta vulnerabilidad enviando una petición HTTP manipulada a broadweb/system/opcImg.asp. • https://www.tenable.com/security/research/tra-2018-33 • CWE-787: Out-of-bounds Write •
CVE-2018-15703
https://notcve.org/view.php?id=CVE-2018-15703
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. Advantech WebAccess 8.3.2 y anteriores es vulnerable a múltiples vulnerabilidades Cross-Site Scripting (XSS) reflejado. Un atacante remoto no autenticado podría explotar esta vulnerabilidad engañando a una víctima para que proporcione código HTML o JavaScript malicioso a WebAccess, que se devuelve a la víctima y es ejecutado por el navegador web. • https://www.tenable.com/security/research/tra-2018-33 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-10591
https://notcve.org/view.php?id=CVE-2018-10591
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anteriores, WebAccess Scada Node en versiones anteriores a la 8.3.1 y WebAccess/NMS 2.0.3 y anteriores, se ha identificado una vulnerabilidad de error de validación de origen que podría permitir que un atacante cree un sitio web malicioso, robe cookies de sesión o acceda a los datos de los usuarios autenticados. • http://www.securityfocus.com/bid/104190 https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 • CWE-346: Origin Validation Error CWE-384: Session Fixation •
CVE-2018-7505 – Advantech WebAccess NMS TFTP Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7505
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anteriores, WebAccess Scada Node en versiones anteriores a la 8.3.1 y WebAccess/NMS 2.0.3 y anteriores, una aplicación TFTP tiene subidas de archivo sin restricciones, lo que podría permitir que un atacante ejecute código arbitrario. This vulnerability allows remote attackers to execute code on vulnerable installations of Advantech WebAccess NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the TFTP service. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of arbitrary files. • http://www.securityfocus.com/bid/104190 https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •