Описание
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
EPSS
7.2 High
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
Уязвимость программного обеспечения удаленного мониторинга Advantech WebAccess, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный код
EPSS
7.2 High
CVSS3
9.8 Critical
CVSS3