CVE-2017-5154

CRITICAL

Advantech WebAccess 8.1 Post Authentication Credential Collector

Title source: metasploit

Description

An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.

Exploits (1)

metasploit WORKING POC

by h00die, sinn3r · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/advantech_webaccess_creds.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95410

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01

[Third Party Advisory] https://www.tenable.com/security/research/tra-2017-04

Scores

CVSS v3 9.8

EPSS 0.0060

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (2)

advantech/webaccess 8.1

n/a/Advantech WebAccess 8.1 Advantech WebAccess 8.1

Published Feb 13, 2017

Tracked Since Feb 18, 2026