In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.

Published : 2018-05-15 22:29 Updated : 2019-10-09 23:42

CVSS Score More info
Score 6.4 / 10
Vendor Product Version URI
Advantech Webaccess 8.2_20170817 cpe:/a:advantech:webaccess:8.2_20170817
Advantech Webaccess 8.3.0 cpe:/a:advantech:webaccess:8.3.0
Advantech Webaccess%2fnms 2.0.3 cpe:/a:advantech:webaccess%2fnms:2.0.3
Advantech Webaccess Dashboard 2.0.15 cpe:/a:advantech:webaccess_dashboard:2.0.15
  1. Advantech (3) Search CVE
    1. Webaccess%2fnms (1) Search CVE
      1. 2.0.3
    2. Webaccess Dashboard (1) Search CVE
      1. 2.0.15
    3. Webaccess (2) Search CVE
      1. 8.2_20170817
      2. 8.3.0


ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

History of changes

Date Event
2018-06-18 14:21
2018-05-18 01:29
2018-05-15 22:29