Critical severity9.8NVD Advisory· Published Jan 15, 2016· Updated May 6, 2026

CVE-2016-0854

Description

Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.

Affected products

Advantech/Webaccess
cpe:2.3:a:advantech:webaccess:*:*:*:*:*:*:*:*
Range: <=8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/39735/nvdExploit
ics-cert.us-cert.gov/advisories/ICSA-16-014-01nvdThird Party AdvisoryUS Government Resource
www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_uploadnvd
www.zerodayinitiative.com/advisories/ZDI-16-127nvd
www.zerodayinitiative.com/advisories/ZDI-16-128nvd
www.zerodayinitiative.com/advisories/ZDI-16-129nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.058
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000