Advantech Webaccess vulnerabilities
53 known vulnerabilities affecting advantech/advantech_webaccess.
Total CVEs: 53
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 15, MEDIUM 28, LOW 1
Vulnerabilities
Page 1 of 3
CVE-2014-2364 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 7.1 | v5.0 | +2 more | 2014-07-19 | CWE-121
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX cont
nvd
CVE-2012-0242 | P2 | CRITICAL | CVSS 10.0 | PoC | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-134
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
nvd
CVE-2014-0763 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 7.1 | v5.0 | +2 more | 2014-04-12 | CWE-89
An attacker using SQL injection may use arguments to construct queries
without proper sanitization. The DBVisitor.dll is exposed through SOAP
interfaces, and the exposed functions are vulnerable to SOAP injection.
This may allow unexpected SQL action and access to records in the table
of the software database or execution of arbitrary code.
nvd
CVE-2018-15705 | P3 | MEDIUM | CVSS 6.5 | PoC | v8.3.1 and 8.3.2 | 2018-10-31 | CWE-22
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
nvd
CVE-2018-15704 | P2 | HIGH | CVSS 8.8 | v8.3.2 and below | 2018-10-22 | CWE-787
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
nvd
CVE-2018-14806 | P2 | CRITICAL | CVSS 9.8 | vWebAccess Versions 8.3.1 and prior | 2018-10-23 | CWE-22
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
nvd
CVE-2012-0240 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-287
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2018-15706 | P3 | MEDIUM | CVSS 6.5 | v8.3.1 and 8.3.2 | 2018-10-31 | CWE-22
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
nvd
CVE-2018-14816 | P3 | CRITICAL | CVSS 9.8 | vWebAccess Versions 8.3.1 and prior | 2018-10-23 | CWE-121
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2012-0238 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-119
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2018-15707 | P4 | MEDIUM | CVSS 5.4 | PoC | v8.3.1 and 8.3.2 | 2018-10-31 | CWE-79
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
nvd
CVE-2012-0241 | P4 | MEDIUM | CVSS 5.0 | PoC | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-119
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
nvd
CVE-2012-0243 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-119
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
nvd
CVE-2011-4525 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-264
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
nvd
CVE-2011-4524 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-119
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
nvd
CVE-2011-4526 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0 | v5.0 | 2012-02-21 | CWE-119
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
nvd
CVE-2018-14820 | P3 | HIGH | CVSS 7.5 | vWebAccess Versions 8.3.1 and prior | 2018-10-23 | CWE-73
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
nvd
CVE-2014-0765 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | v5.0 | +2 more | 2014-04-12 | CWE-121
To exploit this vulnerability, the attacker sends data from the GotoCmd
argument to control. If the value of the argument is overly long, the
static stack buffer can be overflowed. This will allow the attacker to
execute arbitrary code remotely.
nvd
CVE-2014-0766 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | v5.0 | +2 more | 2014-04-12 | CWE-121
An attacker can exploit this vulnerability by copying an overly long
NodeName2 argument into a statically sized buffer on the stack to
overflow the static stack buffer. An attacker may use this vulnerability
to remotely execute arbitrary code.
nvd
CVE-2014-0773 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | v5.0 | +2 more | 2014-04-12 | CWE-77
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“CreateProcess.” This method contains validation to ensure an attacker
cannot run arbitrary command lines. After validation, the values
supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed allowing for running arbitrary command
lines. The command lin
nvd