cvebase

Advantech Webaccess vulnerabilities

53 known vulnerabilities affecting advantech/advantech_webaccess.

Total CVEs: 53
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 15, MEDIUM 28, LOW 1

Vulnerabilities

Page 2 of 3
CVE-2011-4521 | P3 | HIGH | CVSS 7.5 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2011-4521 [HIGH] CWE-89: SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.
nvd
CVE-2012-0244 | P3 | HIGH | CVSS 7.5 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-0244 [HIGH] CWE-89: Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.
nvd
CVE-2012-0234 | P3 | HIGH | CVSS 7.5 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-0234 [HIGH] CWE-89: SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
nvd
CVE-2014-0768 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | v5.0 +2 more | 2014-04-12
CVE-2014-0768 [HIGH] CWE-121: An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.
nvd
CVE-2014-0770 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | v5.0 +2 more | 2014-04-12
CVE-2014-0770 [HIGH] CWE-121: By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.
nvd
CVE-2014-0992 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0992 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.
nvd
CVE-2014-0764 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | v5.0 +2 more | 2014-04-12
CVE-2014-0764 [HIGH] CWE-121: By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.
nvd
CVE-2014-0767 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | v5.0 +2 more | 2014-04-12
CVE-2014-0767 [HIGH] CWE-121: An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely.
nvd
CVE-2018-14828 | P3 | HIGH | CVSS 7.8 | vWebAccess Versions 8.3.1 and prior | 2018-10-23
CVE-2018-14828 [HIGH] CWE-269: Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
nvd
CVE-2014-0990 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0990 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter.
nvd
CVE-2014-0986 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0986 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.
nvd
CVE-2014-0988 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0988 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.
nvd
CVE-2014-0989 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0989 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.
nvd
CVE-2014-0985 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0985 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.
nvd
CVE-2014-0991 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0991 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.
nvd
CVE-2014-0987 | P3 | MEDIUM | CVSS 6.8 | v7.2 | 2014-09-20
CVE-2014-0987 [MEDIUM] CWE-119: Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.
nvd
CVE-2013-2299 | P4 | LOW | CVSS 3.5 | PoC | ≤ 7.0 | v5.0 +1 more | 2013-08-22
CVE-2013-2299 [LOW] CWE-79: Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2012-1234 | P4 | MEDIUM | CVSS 6.5 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-1234 [MEDIUM]: SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
nvd
CVE-2012-0239 | P4 | MEDIUM | CVSS 5.0 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-0239 [MEDIUM] CWE-287: uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
nvd
CVE-2014-2368 | P4 | MEDIUM | CVSS 5.0 | ≤ 7.1 | v5.0 +2 more | 2014-07-19
CVE-2014-2368 [MEDIUM] CWE-623: The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
nvd