Advantech WebAccess CVE-2018-7505– Execute arbitrary code

Authors:Trend Micro             Risk:High

CVE:CVE-2018-7505              0day:Execute arbitrary code 

0day -id:0DAY-176192            Date:2018-05-16

Description

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.

MITIGATIONS

Advantech has released Version 8.3.1 of WebAccess to address the reported vulnerabilities. Users can download the latest version of WebAccess at the following location:

http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Leave a Reply