CVE-2018-7501

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.

Published : 2018-05-15 22:29 Updated : 2019-10-09 23:42

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Advantech Webaccess 8.2_20170817 cpe:/a:advantech:webaccess:8.2_20170817
Advantech Webaccess 8.3.0 cpe:/a:advantech:webaccess:8.3.0
Advantech Webaccess%2fnms 2.0.3 cpe:/a:advantech:webaccess%2fnms:2.0.3
Advantech Webaccess Dashboard 2.0.15 cpe:/a:advantech:webaccess_dashboard:2.0.15
  1. Advantech (3) Search CVE
    1. Webaccess (2) Search CVE
      1. 8.2_20170817
      2. 8.3.0
    2. Webaccess%2fnms (1) Search CVE
      1. 2.0.3
    3. Webaccess Dashboard (1) Search CVE
      1. 2.0.15

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2018-06-18 14:15
2018-05-18 01:29
2018-05-15 22:29

New CVE