Skip to main content

Webaccess CVE-2016-5810

MEDIUM
Information Exposure (CWE-200)
2017-05-02 ics-cert@hq.dhs.gov
4.9
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 02, 2017 - 14:59 cve.org
MEDIUM 4.9

DescriptionCVE.org

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.

AnalysisAI

upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.4%.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. Affected products include: Advantech Webaccess. Version information: before 8.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2016-0854 CRITICAL POC
9.8 Jan 15

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess

CVE-2016-0856 CRITICAL
9.8 Jan 15

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code

CVE-2014-9208 CRITICAL POC
10.0 Sep 11

Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attacker

CVE-2017-14016 MEDIUM POC
6.3 Nov 06

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated medium

CVE-2019-3951 CRITICAL POC
9.8 Dec 12

Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of

CVE-2019-3975 CRITICAL POC
9.8 Sep 10

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3954 CRITICAL POC
9.8 Jun 19

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2019-3953 CRITICAL POC
9.8 Jun 18

Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbi

CVE-2018-6911 CRITICAL POC
9.8 Feb 13

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS

CVE-2018-15704 HIGH POC
8.8 Oct 22

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. Rated high severity (CVSS 8.

CVE-2019-3941 HIGH POC
7.5 Apr 09

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Rated

CVE-2017-12698 CRITICAL
9.8 Aug 30

An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Rated critical s

Share

CVE-2016-5810 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy