CVE-2016-0854
First published: Fri Jan 15 2016(Updated: )
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess | <=8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
- http://www.zerodayinitiative.com/advisories/ZDI-16-128
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
- https://www.exploit-db.com/exploits/39735/
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/advantech
- canonical/advantech webaccess
- version/advantech webaccess/8.0