CVE-2016-0854 Information
Feb 14, 2021
cve
Description
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload http://www.zerodayinitiative.com/advisories/ZDI-16-127 http://www.zerodayinitiative.com/advisories/ZDI-16-128 http://www.zerodayinitiative.com/advisories/ZDI-16-129 https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 https://www.exploit-db.com/exploits/39735/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: