Published: 13/02/2017 Updated: 12/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.

Vulnerable Product	Search on Vulmon	Subscribe to Product
advantech susiaccess

require 'msf/core' class MetasploitModule < Msf::Auxiliary Rank = GreatRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' => %q{ This module exploits an information ...

#! /usr/bin/env ruby =begin Exploit Title: Advantech SUSIAccess RecoveryMgmt File Upload Date: 07/31/17 Exploit Author: james fitts Vendor Homepage: wwwadvantechcom/ Version: Advantech SUSIAccess <= 30 Tested on: Windows 7 SP1 Relavant Advisories: ZDI-16-630 ZDI-16-628 CVE-2016-9349 CVE-2016-9351 BID-94629 ICSA-16-336-04 Notes ...

Advantech SUSIAccess versions 30 and below suffers from a RecoveryMgmt file upload vulnerability ...

CVE-PoC-Finder This is simple golang script which fetch CVE data from the apiexploitobserver/?keyword=CVE-XXXX-XXXX Usage  go run cvePoCgo -cve CVE-2016-9349 or go run cvePoCgo -cve grafana Output: Description: Exploit Observer has 5 entries in 4 file formats related to CVE-2016

CWE-200 https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04 http://www.securityfocus.com/bid/94629 https://www.exploit-db.com/exploits/42402/https://www.exploit-db.com/exploits/42401/https://nvd.nist.gov https://github.com/ghsec/CVE-PoC-Finder https://www.exploit-db.com/exploits/42401/

CVE-2016-9349

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect