Advantech.WA.IOCTL.10001.BwFLApp.Arbitrary.File.Deletion
Description
This indicates an attack attempt to exploit an Arbitrary File Deletion Vulnerability in Advantech WebAccess.
The vulnerability is due to insufficient validation on user supplied paths before using them in file operations within BwFLApp.exe. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in the deletion of arbitrary files from the target system, and may lead to denial of service conditions if important executables or libraries are deleted.
Affected Products
Advantech WebAccess
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Advantech has not released an advisory regarding this vulnerability.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |