Advantech WebAccess CVE-2018-10589 – Execute arbitrary code

Authors:Trend Micro             Risk:High

CVE:CVE-2018-10589             0day:Execute arbitrary code 

0day -id:0DAY-176191            Date:2018-05-16

Description

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.

MITIGATIONS

Advantech has released Version 8.3.1 of WebAccess to address the reported vulnerabilities. Users can download the latest version of WebAccess at the following location:

http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Leave a Reply