VYPR
Unrated severity · NVD Advisory · Published May 15, 2018 · Updated Sep 17, 2024

CVE-2018-10589

Description

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Advantech WebAccess path traversal allows remote unauthenticated attackers to execute arbitrary code on affected versions.

Vulnerability

A path traversal vulnerability exists in Advantech WebAccess versions V8.2_20170817 and prior, V8.3.0 and prior, WebAccess Dashboard versions V2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS versions 2.0.3 and prior [1]. The flaw occurs due to improper neutralization of special elements used in file paths, enabling an attacker to traverse directories outside the intended scope [1].

Exploitation

An attacker can exploit this vulnerability remotely without authentication or user interaction [1]. By sending specially crafted HTTP requests that include path traversal sequences (e.g., ../), the attacker can navigate the file system to reach arbitrary files. Exploitation requires only a low skill level [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the host system [1]. The vulnerability has a CVSS v3 base score of 9.8 (Critical), with the vector string indicating network-based, low-complexity, no-privilege, and no-interaction requirements [1]. This could lead to full compromise of the affected WebAccess server.

Mitigation

Advantech has released WebAccess version 8.3.1 for Scada Node and later versions for other products to address this vulnerability [1]. Users should upgrade to the latest available versions as recommended in the ICS-CERT advisory [1]. If immediate patching is not possible, network segmentation and restricting access to trusted hosts are advised.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Range: < 8.3.1
  • Range: <= V2.0.15
  • Advantech/Webaccess (2 versions)
    • (no CPE) range: <= V8.3.0
    • (no CPE) range: WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior.

Patches

0

No patches discovered yet.

References

2
