漏洞描述
Advantech WebAccess(前称BroadWinWebAccess)是研华(Advantech)公司的一套基于浏览器架构的HMI/SCADA软件。该软件支持动态图形显示和实时数据控制,并提供远程控制和管理自动化设备的功能。Advantech WebAccess 8.3之前的版本中存在SQL注入漏洞,该漏洞源于程序未能正确的过滤输入,远程攻击者可利用该漏洞绕过登陆。
Advantech WebAccess SQL注入漏洞(CVE-2017-16716)
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-16716: NCBI ToolBox - Directory Traversal
- POC CVE-2021-21799: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
- POC CVE-2021-21800: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
- POC CVE-2021-21801: Advantech R-SeeNet - Cross-Site Scripting
- POC CVE-2021-21802: Advantech R-SeeNet - Cross-Site Scripting
- POC CVE-2021-21803: Advantech R-SeeNet - Cross-Site Scripting
- POC CVE-2021-21805: Advantech R-SeeNet 2.4.12 - OS Command Injection
- POC rseenet-default-password: Advantech R-SeeNet Default Login
- POC rseenet-default-login: Advantech R-SeeNet Default Login
- Advantech iView CVE-2022-2136 SQL 注入漏洞
- Advantech iView NetworkServlet 命令注入漏洞
- Advantech iView CVE-2022-2138 拒绝服务漏洞
- Advantech iView ConfigurationServlet SQL注入漏洞