VYPR
← All advisories
Unrated severityNVD Advisory· Published May 15, 2018· Updated Sep 17, 2024

CVE-2018-8845

CVE-2018-8845

Description

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap-based buffer overflow in Advantech WebAccess could allow an attacker to execute arbitrary code.

Vulnerability

A heap-based buffer overflow vulnerability exists in Advantech WebAccess versions V8.2_20170817 and prior, V8.3.0 and prior, Dashboard V.2.0.15 and prior, Scada Node prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior. The issue is triggered when processing specially crafted requests, leading to memory corruption [1].

Exploitation

An attacker can exploit this vulnerability remotely without authentication, requiring low skill level. By sending a crafted request to the affected WebAccess component, the heap-based buffer overflow is triggered, potentially allowing arbitrary code execution [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code on the host or target system, potentially leading to full system compromise, data disclosure, or file deletion [1].

Mitigation

Not yet disclosed in the available references. Users should restrict network access to the affected systems and contact Advantech for updated versions [1].

References
  1. Advantech WebAccess | CISA

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Advantech/WebAccess Dashboardllm-create
    Range: <= V2.0.15
  • Advantech/WebAccss/SCADAllm-fuzzy
    Range: < 8.3.1
  • Advantech/Webaccessllm-fuzzy2 versions
    <= V8.3.0+ 1 more
    • (no CPE)range: <= V8.3.0
    • (no CPE)range: WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior.

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.