SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-501962026] Advantech WebAccess

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2017-05-04OtherAdvantechZhou Yu working with Trend Micro’s Zero Day Initiative discovered the vulnerability. Zhou Yu has tested the new software and valN/ACVE-2017-7929 N/AN/AN/A

Source

						
							
								
#
# Advantech WebAccess
#


### VULNERABLE VENDOR
Advantech


### VULNERABLE PRODUCT
WebAccess



### RESEARCHER
Zhou Yu working with Trend Micro's Zero Day Initiative discovered the vulnerability. Zhou Yu has tested the new software and validated that it mitigates the vulnerability.



### AFFECTED PRODUCTS

The following WebAccess versions are affected:

WebAccess Version 8.1 and prior.



### IMPACT

Successful exploitation of this vulnerability could allow the attacker to traverse the file system and gain access to files or directories, which could result in the device becoming unavailable.



### VULNERABILITY OVERVIEW

ABSOLUTE PATH TRAVERSAL CWE-36
The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.
CVE-2017-7929 has been assigned to this vulnerability.
A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)





### BACKGROUND

Critical Infrastructure Sector(s): Critical Manufacturing
Countries/Areas Deployed: Taiwan, United States, Europe
Company Headquarters Location: Taiwan




### MITIGATION

Advantech has produced WebAccess Version 8.2_20170330 to mitigate this vulnerability. The new version can be downloaded at:

http://www.advantech.com/industrial-automation/webaccess/download