CVE-2017-5152

9.1CRITICAL

Key Information:

Vendor: Advantech
Status: Advantech Webaccess 8.1
Vendor: CVE Published:; 13 February 2017

Summary

An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).

Affected Version(s)

Advantech WebAccess 8.1 Advantech WebAccess 8.1

References

https://www.tenable.com/security/research/tra-2017-04

x_refsource_MISC

http://www.securityfocus.com/bid/95410

vdb-entryx_refsource_BID

https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2017
Vulnerability Reserved
Jan 3, 2017