CVE-2016-0854

Exploit

EPSS 77.11%
Veröffentlicht 15.01.2016 03:59:16
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Advantech ≫ Webaccess Version <= 8.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	77.11%	0.995

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

Third Party Advisory

US Government Resource

http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload

http://www.zerodayinitiative.com/advisories/ZDI-16-127

http://www.zerodayinitiative.com/advisories/ZDI-16-128

http://www.zerodayinitiative.com/advisories/ZDI-16-129

https://www.exploit-db.com/exploits/39735/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2016-0854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0854

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-0854