10

CVE-2016-0854

Exploit

EPSS 73.7%
Veröffentlicht 15.01.2016 03:59:16
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Advantech ≫ Webaccess Version <= 8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	73.7%	0.988

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

Third Party Advisory

US Government Resource

http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload

http://www.zerodayinitiative.com/advisories/ZDI-16-127

http://www.zerodayinitiative.com/advisories/ZDI-16-128

http://www.zerodayinitiative.com/advisories/ZDI-16-129

https://www.exploit-db.com/exploits/39735/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2016-0854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0854

EUVD