vul_other: Advantech WebAccess SCADA certUpdate.asp filename Directory Traversal (Rule ID: 1070310033)

Release Date: 2025/9/15

Rule Name: CVE-2018-5445: Advantech WebAccess SCADA certUpdate.asp filename Directory Traversal Vulnerability

Severity: mid

CVE ID: CVE-2018-5445

 

Description

A directory traversal vulnerability exists in Advantech WebAccess SCADA software. The vulnerability is due to insufficient input validation of the filename parameter within certUpdate.asp. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the remote service. Successful exploitation could lead to arbitrary code execution on the target application with the privileges of the web application process. This rule helps defend against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.