7.8
CVE-2018-8841
- EPSS 0.36%
- Veröffentlicht 15.05.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 04:14:25
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginIn Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advantech ≫ Webaccess Dashboard Version <= 2.0.15
Advantech ≫ Webaccess Scada Version < 8.3.1
Advantech ≫ Webaccess/nms Version <= 2.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.278 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
http://www.securityfocus.com/bid/104190
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01