CVE-2018-7495
Description
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An external control of file name or path vulnerability in Advantech WebAccess products allows remote attackers to delete arbitrary files.
Vulnerability
An external control of file name or path vulnerability exists in Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior [1]. The vulnerability is listed as CWE-73: External Control of File Name or Path. The affected software fails to properly sanitize user input used to construct file paths, allowing an attacker to control which file is targeted for deletion.
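The CWE-73 pattern described above, as an added example that is not Advantech's code and not from the original page. The WebAccess endpoint and parameter are not given on the page, so the directory layout, file names and function names here are assumptions. It contrasts an unchecked path join with a resolver that confines deletion to one managed directory.

```python
import os
import tempfile
from pathlib import Path


def naive_target(base: Path, name: str) -> Path:
    """CWE-73 pattern: the request value is joined to the base directory unchecked."""
    return Path(os.path.normpath(os.path.join(base, name)))


def safe_target(base: Path, name: str) -> Path:
    """Resolve the request value and refuse anything outside the base directory."""
    if not name or "\x00" in name:
        raise ValueError("empty or malformed file name")
    root = base.resolve(strict=True)
    candidate = (root / name).resolve()  # collapses '..' and follows symlinks
    if candidate == root or root not in candidate.parents:
        raise PermissionError(f"outside managed directory: {name!r}")
    if not candidate.is_file():
        raise FileNotFoundError(name)
    return candidate


def delete_managed_file(base: Path, name: str) -> Path:
    """Delete only after the containment check has passed."""
    target = safe_target(base, name)
    target.unlink()
    return target


def demo() -> dict:
    """Run both resolvers over constructed inputs inside a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "reports"          # hypothetical managed directory
        base.mkdir()
        (base / "old.csv").write_text("constructed sample")
        (Path(tmp) / "system.cfg").write_text("must survive")
        for name in ("old.csv", "../system.cfg", str(Path(tmp) / "system.cfg")):
            root = base.resolve()
            escapes = root not in naive_target(root, name).parents
            try:
                delete_managed_file(base, name)
                outcome = "deleted"
            except (PermissionError, FileNotFoundError, ValueError) as exc:
                outcome = type(exc).__name__
            results["<absolute>" if os.path.isabs(name) else name] = (escapes, outcome)
        results["survivor_intact"] = (Path(tmp) / "system.cfg").exists()
    return results
```

Each result pairs whether the unchecked join would have left the managed directory with what the confined delete actually did.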
Exploitation
An attacker can exploit this vulnerability remotely without authentication and with low skill level [1]. The attacker sends a specially crafted request to the affected web application, manipulating the file name or path parameter to point to an arbitrary file on the system. No user interaction is required beyond the attacker crafting the malicious request. The vulnerability is network-exploitable via the HTTP/HTTPS interface.
Impact
Successful exploitation of this vulnerability allows an attacker to delete arbitrary files from the host system [1]. Depending on which files are deleted, this could lead to a denial of service, data loss, or potentially assist in further compromise of the system. The CVSS v3 base score is 9.8 (Critical) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high impact on confidentiality, integrity, and availability [1].
Mitigation
Advantech has released updates to address this vulnerability [1]. Users should upgrade to the following versions or later: WebAccess 8.3.1, WebAccess Dashboard 2.0.16, WebAccess Scada Node 8.3.1, and WebAccess/NMS 2.0.4. The advisory also recommends that users minimize network exposure and ensure the software is not accessible from untrusted networks. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Range: <8.3.1
- Range: <=V2.0.15
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/104190 (mitre, vdb-entry, x_refsource_BID)
- ics-cert.us-cert.gov/advisories/ICSA-18-135-01 (mitre, x_refsource_MISC)