CVE-2020-12022
CRITICALAdvantech WebAccess < 8.4.4 and 9.0.0 - Remote Code Execution via Array Index Validation Bypass
Title source: llmDescription
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-128-01
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-598/
Scores
CVSS v3
9.8
EPSS
0.0046
EPSS Percentile
64.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-129
Status
published
Products (2)
advantech/webaccess
9.0.0
advantech/webaccess
< 8.4.4
Published
May 08, 2020
Tracked Since
Feb 18, 2026