Vulnerability Details : CVE-2016-0854
Public exploit exists!
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Products affected by CVE-2016-0854
- cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0854
- 39.09%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-0854
- Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload
  Disclosure Date: 2016-02-05
  First seen: 2020-04-26
  exploit/windows/scada/advantech_webaccess_dashboard_file_upload
  This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerabi
CVSS scores for CVE-2016-0854
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
References for CVE-2016-0854
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
  Advantech WebAccess Dashboard Viewer uploadImageCommon Arbitrary File Upload
- http://www.zerodayinitiative.com/advisories/ZDI-16-128
  ZDI-16-128 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
  ZDI-16-129 | Zero Day Initiative
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
  ZDI-16-127 | Zero Day Initiative
- https://www.exploit-db.com/exploits/39735/
  Advantech Webaccess Dashboard Viewer - Arbitrary File Upload (Metasploit) [Exploit]
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
  Advantech WebAccess Vulnerabilities | CISA [Third Party Advisory; US Government Resource]