Advantech WebAccess SCADA Dashboard Directory Traversal (CVE-2016-0855)

A directory traversal vulnerability has been reported in the Dashboard component of Advantech WebAccess. The vulnerability is due to insufficient input validation within the openWidget, removeFolder or removeFile methods in the FileAjaxAction script. A remote, unauthenticated attacker could explo...

CVE-2016-0855

CVE-2016-0855 concerns Advantech WebAccess (pre-8.1). The vulnerability is a directory traversal in the WebAccess Dashboard/Viewer that could allow remote attackers to list arbitrary files in a virtual directory via unspecified vectors. Public references from ZDI describe related dashboard viewer...