virus logo Intrusion Prevention

Advantech.WA.IOCTL.10001.BwPFile.Arbitrary.File.Deletion

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Deletion Vulnerability in Advantech WebAccess.
The vulnerability is due to insufficient validation on user supplied paths before using them in file operations within BwPFile.exe. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system. Successful exploitation results in the deletion of arbitrary files from the target system, and may lead to denial of service conditions if important executables or libraries are deleted.

affected-products-logoAffected Products

Advantech WebAccess 9.0.0 prior to 9.0.0.P0320900
Advantech WebAccess prior to 8.4.4.P0320844

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-06-11 15.863 Default_action:pass:drop
2020-06-02 15.855
ID 49047
Created Jun 02, 2020
Updated Jul 17, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows
Affected App SCADA