Advantech.WA.NMS.SupportDeviceaddAction.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in Advantech WebAccess/NMS.
The vulnerability is due to insufficient input validation on file paths in the SupportDeviceaddAction servlet. Unauthenticated remote attackers could exploit this vulnerability by uploading specially crafted executable files to the server. This can lead to arbitrary code execution with SYSTEM privileges.

affected-products-logoAffected Products

Advantech WebAccess/NMS prior to 3.0.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

ICSA-20-098-01