CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10623 – Advantech WebAccess/NMS setDevicechoose SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10623
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Múltiples vulnerabilidades podrían permitir a un atacante con pocos privilegios llevar a cabo una inyección SQL en WebAccess/NMS (versiones anteriores a 3.0.2) para conseguir acceso a información confidencial. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of calls to the setDevicechoose method of the DBUtil class. When parsing calls to the FWUpgradeInfo endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10631 – Advantech WebAccess/NMS download.jsp Directory Traversal Information Disclosure and Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. Un atacante podría usar una URL especialmente diseñada para eliminar o leer archivos fuera del control de WebAccess/NMS (versiones anteriores a 3.0.2). This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the download.jsp endpoint. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12010 – Advantech WebAccess IOCTL 0x2738 Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2020-12010
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de salto de ruta relativa que pueden permitir a un usuario autenticado usar un archivo especialmente diseñado para eliminar archivos fuera del control de la aplicación. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10621 – Advantech WebAccess/NMS ProfileResource Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10621
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Se presentan múltiples problemas que permiten que los archivos se carguen y ejecuten en WebAccess/NMS (versiones anteriores a 3.0.2). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importprofile endpoint. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10619 – Advantech WebAccess/NMS saveBackgroundAction Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-10619
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. Un atacante podría usar una URL especialmente diseñada para eliminar archivos fuera del control de WebAccess/NMS (versiones anteriores a 3.0.2). This vulnerability allows remote attackers to delete arbitary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the saveBackground.action endpoint. When parsing the oldImage parameter, the process does not properly validate a user-supplied path prior to using it in file operations. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •