First published: Fri May 08 2020(Updated: )
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Advantech WebAccess/SCADA | ||
Advantech WebAccess | <=8.4.4 | |
Advantech WebAccess | =9.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-12026 is a vulnerability in Advantech WebAccess/SCADA that allows remote attackers to execute arbitrary code.
CVE-2020-12026 has a severity score of 9.8, which is considered critical.
Advantech WebAccess/SCADA versions 8.4.4 and 9.0.0 are affected by CVE-2020-12026.
CVE-2020-12026 can be exploited by remote attackers without authentication.
Yes, you can find more information about CVE-2020-12026 at the following references:\n1. [US-CERT Advisory ICSA-20-128-36](https://www.us-cert.gov/ics/advisories/icsa-20-128-36)\n2. [Zero Day Initiative Advisory ZDI-20-626](https://www.zerodayinitiative.com/advisories/ZDI-20-626/)\n3. [US-CERT Advisory ICSA-20-128-01](https://www.us-cert.gov/ics/advisories/icsa-20-128-01)