CVE-2018-14820

Published: Oct 23, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

Affected (1)

Products: Advantech: Webaccess

Advantech

1 product

Webaccess

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Advantech Webaccess	Up to 8.3.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-73

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (6)

http://www.securityfocus.com/bid/105728

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041939

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C

Source: ics-cert@hq.dhs.gov

http://www.securityfocus.com/bid/105728

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041939

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.