CVE-2018-10590
Description
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Advantech WebAccess and related products allow directory listing, exposing sensitive files to unauthenticated remote attackers.
Vulnerability
CVE-2018-10590 is an information exposure vulnerability through directory listing in Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior [1]. The directory listing feature exposes files that are not normally visible, allowing an attacker to discover sensitive files without authentication.
Exploitation
An attacker can exploit this vulnerability remotely over the network with no authentication required and at low complexity [1]. The attacker simply navigates to a directory path where directory listing is enabled, and the server returns a list of files contained in that directory, including files that are normally hidden or not intended for public access.
Impact
Successful exploitation allows an attacker to discover sensitive files from the host or target system, leading to information disclosure of high confidentiality impact [1]. The attacker can potentially find configuration files, credentials, or other data that could be used for further attacks. No integrity or availability impact is reported.
Mitigation
Advantech has released fixed versions to address this vulnerability. Users should update WebAccess to versions later than V8.2_20170817 (e.g., V8.2_20170818 or later), WebAccess to versions later than V8.3.0 (e.g., V8.3.1 or later), WebAccess Dashboard to versions later than V.2.0.15, WebAccess Scada Node to version 8.3.1 or later, and WebAccess/NMS to versions later than 2.0.3 [1]. If patching is not immediately possible, administrators should restrict network access to the affected products and disable directory listing if the web server allows such configuration.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: < 8.3.1
- Range: <= V.2.0.15
<= V8.2_20170817, <= V8.3.0+ 1 more
- (no CPE)range: <= V8.2_20170817, <= V8.3.0
- (no CPE)range: WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/104190mitrevdb-entryx_refsource_BID
- ics-cert.us-cert.gov/advisories/ICSA-18-135-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.