CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10621 – Advantech WebAccess/NMS ProfileResource Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10621
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). Se presentan múltiples problemas que permiten que los archivos se carguen y ejecuten en WebAccess/NMS (versiones anteriores a 3.0.2). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importprofile endpoint. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10619 – Advantech WebAccess/NMS saveBackgroundAction Directory Traversal Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-10619
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. Un atacante podría usar una URL especialmente diseñada para eliminar archivos fuera del control de WebAccess/NMS (versiones anteriores a 3.0.2). This vulnerability allows remote attackers to delete arbitary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the saveBackground.action endpoint. When parsing the oldImage parameter, the process does not properly validate a user-supplied path prior to using it in file operations. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10625 – Advantech WebAccess/NMS UsersInputAction Missing Authentication for Critical Function Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-10625
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. WebAccess/NMS (versiones anteriores a 3.0.2), permite a un usuario no autenticado remoto crear una nueva cuenta de administrador. This vulnerability allows remote attackers to bypass authentication on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the usersInputAction.action endpoint. Authentication is missing for the critical function of creating new administrator accounts. • https://www.us-cert.gov/ics/advisories/icsa-20-098-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3942
https://notcve.org/view.php?id=CVE-2019-3942
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. Advantech WebAccess versión 8.3.4, no restringe apropiadamente una llamada RPC lo que permite a usuarios remotos no autenticados leer archivos. Un atacante puede usar esta vulnerabilidad para recuperar la contraseña de administrador. • https://www.tenable.com/security/research/tra-2019-15 • CWE-284: Improper Access Control CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10607
https://notcve.org/view.php?id=CVE-2020-10607
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. En Advantech WebAccess, versiones 8.4.2 y anteriores. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria causada por la falta de una comprobación apropiada de la longitud de los datos suministrados por el usuario puede permitir una ejecución de código remota. • https://www.us-cert.gov/ics/advisories/icsa-20-086-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •