CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10629 – Advantech WebAccess/NMS MibbrowserTrapAddAction XML External Entity Reference Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10629
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. WebAccess/NMS (versiones anteriores a 3.0.2), no sanea una entrada XML. La entrada XML especialmente diseñada podría permitir a un atacante leer archivos confidenciales. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10603 – Advantech WebAccess/NMS DatabaseMgmtResource OS Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10603
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. WebAccess/NMS (versiones anteriores a 3.0.2), no sanea apropiadamente una entrada del usuario y puede permitir a un atacante inyectar comandos del sistema remotamente. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of calls to the ManualDBBackup endpoint. When parsing the filenamebknow parameter, the process does not properly validate a user-supplied string before using it to execute a system call. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10631 – Advantech WebAccess/NMS download.jsp Directory Traversal Information Disclosure and Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. Un atacante podría usar una URL especialmente diseñada para eliminar o leer archivos fuera del control de WebAccess/NMS (versiones anteriores a 3.0.2). This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the download.jsp endpoint. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10623 – Advantech WebAccess/NMS setDevicechoose SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-10623
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. Múltiples vulnerabilidades podrían permitir a un atacante con pocos privilegios llevar a cabo una inyección SQL en WebAccess/NMS (versiones anteriores a 3.0.2) para conseguir acceso a información confidencial. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of calls to the setDevicechoose method of the DBUtil class. When parsing calls to the FWUpgradeInfo endpoint, the process does not properly validate a user-supplied string before using it to construct SQL queries. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10591
https://notcve.org/view.php?id=CVE-2018-10591
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anteriores, WebAccess Scada Node en versiones anteriores a la 8.3.1 y WebAccess/NMS 2.0.3 y anteriores, se ha identificado una vulnerabilidad de error de validación de origen que podría permitir que un atacante cree un sitio web malicioso, robe cookies de sesión o acceda a los datos de los usuarios autenticados. • http://www.securityfocus.com/bid/104190 https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 • CWE-346: Origin Validation Error CWE-384: Session Fixation •