Advantech Webaccess vulnerabilities
53 known vulnerabilities affecting advantech/advantech_webaccess.
Total CVEs: 53
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 15, MEDIUM 28, LOW 1
Vulnerabilities
Page 3 of 3
CVE-2012-0237 | P4 | MEDIUM | CVSS 6.4 | CWE-119 | ≤ 6.0, v5.0 | 2012-02-21
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
nvd
CVE-2014-2367 | P4 | MEDIUM | CVSS 4.3 | CWE-592 | ≤ 7.1, v5.0, +2 more | 2014-07-19
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
nvd
CVE-2014-2365 | P4 | MEDIUM | CVSS 5.5 | CWE-284 | ≤ 7.1, v5.0, +2 more | 2014-07-19
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
nvd
CVE-2018-15703 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v8.3.2 and below | 2018-10-22
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
nvd
CVE-2014-0772 | P4 | MEDIUM | CVSS 5.0 | CWE-538 | ≤ 7.1, v5.0, +2 more | 2014-04-12
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
OpenUrlToBufferTimeout. This method takes a URL as a parameter and
returns its contents to the caller in JavaScript. The URLs are accessed
in the security context of the current browser session. The control does
not perform any URL validation and allows file:// URLs that access the
local disk.
nvd
CVE-2014-0771 | P4 | MEDIUM | CVSS 5.0 | CWE-538 | ≤ 7.1, v5.0, +2 more | 2014-04-12
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“OpenUrlToBuffer.” This method takes a URL as a parameter and returns
its contents to the caller in JavaScript. The URLs are accessed in the
security context of the current browser session. The control does not
perform any URL validation and allows “file://” URLs that access the
local disk.
nvd
CVE-2012-0235 | P4 | MEDIUM | CVSS 6.0 | CWE-352 | ≤ 6.0, v5.0 | 2012-02-21
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2012-1235 | P4 | MEDIUM | CVSS 6.0 | ≤ 6.0, v5.0 | 2012-02-21
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.
nvd
CVE-2012-0236 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 6.0, v5.0 | 2012-02-21
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."
nvd
CVE-2014-2366 | P4 | MEDIUM | CVSS 4.0 | CWE-316 | ≤ 7.1, v5.0, +2 more | 2014-07-19
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
nvd
CVE-2011-4522 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 6.0, v5.0 | 2012-02-21
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
nvd
CVE-2012-0233 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 6.0, v5.0 | 2012-02-21
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
nvd
CVE-2011-4523 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 6.0, v5.0 | 2012-02-21
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
nvd