Lucene search

CertccCVE-2012-0240

HistoryFeb 21, 2012 - 1:31 p.m.

CVE-2012-0240

2012-02-2113:31:57

CWE-287

certcc

web.nvd.nist.gov

cve

2012

0240

advantech

broadwin

webaccess

gbscriptaddup.asp

authentication bypass

remote code execution

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.026

Percentile

90.3%

JSON

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

Nvd

Node

advantechadvantech_webaccessRange≤6.0

advantechadvantech_webaccessMatch5.0

VendorProductVersionCPE
advantechadvantech_webaccess*cpe:2.3:a:advantech:advantech_webaccess:*:*:*:*:*:*:*:*
advantechadvantech_webaccess5.0cpe:2.3:a:advantech:advantech_webaccess:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
advantech	advantech_webaccess	*	cpe:2.3:a:advantech:advantech_webaccess::::::::
advantech	advantech_webaccess	5.0	cpe:2.3:a:advantech:advantech_webaccess:5.0:::::::*

References

www.securityfocus.com/bid/52051

www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.026

Percentile

90.3%

JSON

Related for CVE-2012-0240