ID
VAR-201802-1104
CVE
CVE-2018-6911
TITLE
Advantech WebAccess In OS Command injection vulnerability
Trust: 0.8
DESCRIPTION
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). Advantech WebAccess Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. The 'VBWinExec' function of the NodeAspVBObj.dll file in Advantech WebAccess version 8.3.0 has an operating system command injection vulnerability
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess | scope: | eq | version: | 8.3.0 | Trust: 1.8 |
| vendor: | advantech | model: | webaccess | scope: | eq | version: | 8..3.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
operating system commend injection
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | Advantech WebAccess | url: | http://www.advantech.co.jp/products/a7b4308c-a3d0-446c-8f03-0d098d4b2c31/advantech-webaccess/mod_b975c492-56b3-4eba-8bbb-5b6d3483ee9d | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2018-6911 | Trust: 2.6 |
| db: | EXPLOIT-DB | id: | 44031 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2018-002211 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201802-965 | Trust: 0.7 |
| db: | PACKETSTORM | id: | 146360 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-136943 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2018-6911 | Trust: 0.1 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/44031/ | Trust: 2.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6911 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-6911 | Trust: 0.8 |
| url: | https://cwe.mitre.org/data/definitions/78.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-136943 |
| db: | VULMON | id: | CVE-2018-6911 |
| db: | JVNDB | id: | JVNDB-2018-002211 |
| db: | CNNVD | id: | CNNVD-201802-965 |
| db: | NVD | id: | CVE-2018-6911 |
LAST UPDATE DATE
2024-08-14T14:26:52.897000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-136943 | date: | 2019-08-02T00:00:00 |
| db: | VULMON | id: | CVE-2018-6911 | date: | 2019-08-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-002211 | date: | 2018-04-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201802-965 | date: | 2019-08-05T00:00:00 |
| db: | NVD | id: | CVE-2018-6911 | date: | 2019-08-02T18:35:40.893 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-136943 | date: | 2018-02-13T00:00:00 |
| db: | VULMON | id: | CVE-2018-6911 | date: | 2018-02-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2018-002211 | date: | 2018-04-02T00:00:00 |
| db: | CNNVD | id: | CNNVD-201802-965 | date: | 2018-02-13T00:00:00 |
| db: | NVD | id: | CVE-2018-6911 | date: | 2018-02-13T14:29:00.217 |