cvebase

Advantech Webaccess vulnerabilities

53 known vulnerabilities affecting advantech/advantech_webaccess.

Total CVEs: 53
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 15, MEDIUM 28, LOW 1

Vulnerabilities

Page 1 of 3
CVE-2014-2364 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 7.1, v5.0, +2 more | 2014-07-19
CWE-121: Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX cont
Source: NVD
CVE-2012-0242 | P2 | CRITICAL | CVSS 10.0 | PoC | ≤ 6.0, v5.0 | 2012-02-21
CWE-134: Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
Source: NVD
CVE-2014-0763 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 7.1, v5.0, +2 more | 2014-04-12
CWE-89: An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in the table of the software database or execution of arbitrary code.
Source: NVD
CVE-2018-15705 | P3 | MEDIUM | CVSS 6.5 | PoC | v8.3.1 and 8.3.2 | 2018-10-31
CWE-22: WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
Source: NVD
CVE-2018-15704 | P2 | HIGH | CVSS 8.8 | v8.3.2 and below | 2018-10-22
CWE-787: Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
Source: NVD
CVE-2018-14806 | P2 | CRITICAL | CVSS 9.8 | WebAccess Versions 8.3.1 and prior | 2018-10-23
CWE-22: Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
Source: NVD
CVE-2012-0240 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0, v5.0 | 2012-02-21
CWE-287: GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
Source: NVD
CVE-2018-15706 | P3 | MEDIUM | CVSS 6.5 | v8.3.1 and 8.3.2 | 2018-10-31
CWE-22: WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
Source: NVD
CVE-2018-14816 | P3 | CRITICAL | CVSS 9.8 | WebAccess Versions 8.3.1 and prior | 2018-10-23
CWE-121: Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
Source: NVD
CVE-2012-0238 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0, v5.0 | 2012-02-21
CWE-119: Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
Source: NVD
CVE-2018-15707 | P4 | MEDIUM | CVSS 5.4 | PoC | v8.3.1 and 8.3.2 | 2018-10-31
CWE-79: Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
Source: NVD
CVE-2012-0241 | P4 | MEDIUM | CVSS 5.0 | PoC | ≤ 6.0, v5.0 | 2012-02-21
CWE-119: Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
Source: NVD
CVE-2012-0243 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0, v5.0 | 2012-02-21
CWE-119: Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
Source: NVD
CVE-2011-4525 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0, v5.0 | 2012-02-21
CWE-264: Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
Source: NVD
CVE-2011-4524 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0, v5.0 | 2012-02-21
CWE-119: Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
Source: NVD
CVE-2011-4526 | P3 | CRITICAL | CVSS 10.0 | ≤ 6.0, v5.0 | 2012-02-21
CWE-119: Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
Source: NVD
CVE-2018-14820 | P3 | HIGH | CVSS 7.5 | WebAccess Versions 8.3.1 and prior | 2018-10-23
CWE-73: Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
Source: NVD
CVE-2014-0765 | P3 | HIGH | CVSS 7.5 | ≤ 7.1, v5.0, +2 more | 2014-04-12
CWE-121: To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.
Source: NVD
CVE-2014-0766 | P3 | HIGH | CVSS 7.5 | ≤ 7.1, v5.0, +2 more | 2014-04-12
CWE-121: An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code.
Source: NVD
CVE-2014-0773 | P3 | HIGH | CVSS 7.5 | ≤ 7.1, v5.0, +2 more | 2014-04-12
CWE-77: The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The validation can be bypassed allowing for running arbitrary command lines. The command lin
Source: NVD