Access Control Vulnerability in WebAccess by Advantech
CVE-2018-17908

7.8HIGH

Key Information:

Vendor
Advantech
Status
Webaccess Versions 8.3.2 And Prior.
Vendor
CVE Published:
29 October 2018

Summary

In WebAccess versions 8.3.2 and earlier, the installation process disables user access controls and fails to reinstate them post-installation. This critical oversight presents a significant security risk, enabling attackers to execute arbitrary code with elevated privileges. Organizations using the affected versions should take immediate action to mitigate this vulnerability.

Affected Version(s)

WebAccess 8.3.2 and prior. WebAccess Versions 8.3.2 and prior.

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02
x_refsource_MISC
http://www.securityfocus.com/bid/105736
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041957
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.