10

CVE-2016-0854

Exploit

EPSS 73.7%
Published 15.01.2016 03:59:16
Last modified 12.04.2025 10:46:40
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Advantech ≫ Webaccess Version <= 8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	73.7%	0.988

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

Third Party Advisory

US Government Resource

http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload

http://www.zerodayinitiative.com/advisories/ZDI-16-127

http://www.zerodayinitiative.com/advisories/ZDI-16-128

http://www.zerodayinitiative.com/advisories/ZDI-16-129

https://www.exploit-db.com/exploits/39735/

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2016-0854

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0854

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0854

EUVD