CVE-2018-7505

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.

Published : 2018-05-15 22:29 Updated : 2019-10-09 23:42

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Advantech Webaccess 8.2_20170817 cpe:/a:advantech:webaccess:8.2_20170817
Advantech Webaccess 8.3.0 cpe:/a:advantech:webaccess:8.3.0
Advantech Webaccess%2fnms 2.0.3 cpe:/a:advantech:webaccess%2fnms:2.0.3
Advantech Webaccess Dashboard 2.0.15 cpe:/a:advantech:webaccess_dashboard:2.0.15
  1. Advantech (3) Search CVE
    1. Webaccess (2) Search CVE
      1. 8.2_20170817
      2. 8.3.0
    2. Webaccess%2fnms (1) Search CVE
      1. 2.0.3
    3. Webaccess Dashboard (1) Search CVE
      1. 2.0.15

CWE

ID Name Description Links
CWE-434 Unrestricted Upload of File with Dangerous Type The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. CVE

History of changes

Date Event
2018-06-18 14:31
2018-05-18 01:29
2018-05-15 22:29

New CVE