CVE-2016-0854

critical

Description

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.

References

https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

http://www.zerodayinitiative.com/advisories/ZDI-16-129

http://www.zerodayinitiative.com/advisories/ZDI-16-128

http://www.zerodayinitiative.com/advisories/ZDI-16-127

Details

Source: Mitre, NVD

Published: 2016-01-15

Updated: 2016-12-03

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical