Back
CVE-2016-0854
CRITICAL
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Published: Jan 15, 2016
Modified: May 6, 2026
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (1)
| Vendor | Product | Version |
|---|---|---|
| advantech | webaccess | * |
GitHub Security Advisory GHSA-2hxc-7g8w-hjm5
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction...
References (12)
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
- http://www.zerodayinitiative.com/advisories/ZDI-16-128
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 Third Party Advisory, US Government Resource
- https://www.exploit-db.com/exploits/39735/ Exploit
- http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload
- http://www.zerodayinitiative.com/advisories/ZDI-16-127
- http://www.zerodayinitiative.com/advisories/ZDI-16-128
- http://www.zerodayinitiative.com/advisories/ZDI-16-129
- https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 Third Party Advisory, US Government Resource
- https://www.exploit-db.com/exploits/39735/ Exploit
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
72.15%
Top 1% most likely to be exploited
Threat Score
70.8 / 100
Data Sources
NVD
EPSS
GitHub