CVSS: 5.3EPSS: 4%CPEs: 1EXPL: 0CVE-2018-5443 – Advantech WebAccess Node uMailLogin Proj SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-5443
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. Se ha descubierto un problema de inyección SQL en Advantech WebAccess/SCADA en versiones anteriores a la V8.2_20170817. WebAccess/SCADA no sanea adecuadamente sus entradas para comandos SQL. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. • http://www.securityfocus.com/bid/102781 https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2018-5445 – Advantech WebAccess Node certUpdate filename Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5445
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. Se ha descubierto un problema de salto de directorio en Advantech WebAccess/SCADA en versiones anteriores a la V8.2_20170817. Un atacante tiene acceso de lectura a archivos en la estructura de directorio del dispositivo objetivo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. • http://www.securityfocus.com/bid/102781 https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •