CVE-2018-15705

MEDIUM

Advantech WebAccess 8.3.1-8.3.2 - Authenticated Path Traversal and Arbitrary File Write via WADashboard writeFile API

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-15705. PoCs published by Chris Lyne.

AI-analyzed exploit summary: This exploit combines CVE-2018-15707 (XSS for credential theft) and CVE-2018-15705 (arbitrary file write) to achieve remote code execution on Advantech WebAccess SCADA 8.3.2. It requires user interaction to steal credentials via a malicious link, then writes an ASP file to execute arbitrary commands.

Description

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

Exploits (1)

exploitdb WORKING POC
by Chris Lyne · python · webapps · asp
https://www.exploit-db.com/exploits/45774


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Advantech WebAccess SCADA 8.3.2
Auth required
Prerequisites: Target running Advantech WebAccess SCADA 8.3.2 · User interaction to click malicious link · Valid project and node names
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45774/
Exploit, Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2018-35

Scores

CVSS v3 6.5
EPSS 0.1224
EPSS Percentile 95.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE: CWE-22
Status: published
Products (2)
advantech/webaccess 8.3.1
advantech/webaccess 8.3.2
Published Oct 31, 2018
Tracked Since Feb 18, 2026