CVE-2018-14806 – Advantech WebAccess webvrpcs Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14806
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess 8.3.1 y anteriores tiene una vulnerabilidad de salto de directorio que podría permitir que un atacante ejecute código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • http://www.securityfocus.com/bid/105728 http://www.securitytracker.com/id/1041939 https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-14828 – Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-14828
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. Advantech WebAccess 8.3.1 y anteriores tiene una vulnerabilidad de gestión incorrecta de privilegios, lo que podría permitir que un atacante acceda a dichos archivos y realice acciones a nivel de administrador del sistema. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. • http://www.securityfocus.com/bid/105728 http://www.securitytracker.com/id/1041939 https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C • CWE-269: Improper Privilege Management •
CVE-2018-14816 – Advantech WebAccess Client bwnodeip Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14816
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Advantech WebAccess 8.3.1 y anteriores tiene varias vulnerabilidades de desbordamiento de búfer basado en pila que podrían permitir que un atacante ejecute código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwnodeip.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • http://www.securityfocus.com/bid/105728 http://www.securitytracker.com/id/1041939 https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-14820 – Advantech WebAccess Node drawsrv Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2018-14820
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Advantech WebAccess 8.3.1 y anteriores tiene un componente .dll que es susceptible a una vulnerabilidad de control externo de ruta o nombre de archivo, lo que podría permitir la eliminación de un archivo arbitrario al procesarse. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/105728 http://www.securitytracker.com/id/1041939 https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C • CWE-20: Improper Input Validation CWE-73: External Control of File Name or Path •
CVE-2018-15704
https://notcve.org/view.php?id=CVE-2018-15704
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. Advantech WebAccess 8.3.2 y anteriores es vulnerable a un desbordamiento de búfer basado en pila. Un atacante autenticado remoto podría explotar esta vulnerabilidad enviando una petición HTTP manipulada a broadweb/system/opcImg.asp. • https://www.tenable.com/security/research/tra-2018-33 • CWE-787: Out-of-bounds Write •