cvebase

Advantech Webaccess vulnerabilities

53 known vulnerabilities affecting advantech/advantech_webaccess.

Total CVEs: 53
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 15, MEDIUM 28, LOW 1

Vulnerabilities

Page 3 of 3
CVE-2012-0237 | P4 | MEDIUM | CVSS 6.4 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-0237 [MEDIUM] CWE-119: Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
nvd
CVE-2014-2367 | P4 | MEDIUM | CVSS 4.3 | ≤ 7.1 | v5.0 | +2 more | 2014-07-19
CVE-2014-2367 [MEDIUM] CWE-592: The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
nvd
CVE-2014-2365 | P4 | MEDIUM | CVSS 5.5 | ≤ 7.1 | v5.0 | +2 more | 2014-07-19
CVE-2014-2365 [MEDIUM] CWE-284: Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
nvd
CVE-2018-15703 | P4 | MEDIUM | CVSS 6.1 | v8.3.2 and below | 2018-10-22
CVE-2018-15703 [MEDIUM] CWE-79: Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
nvd
CVE-2014-0772 | P4 | MEDIUM | CVSS 5.0 | ≤ 7.1 | v5.0 | +2 more | 2014-04-12
CVE-2014-0772 [MEDIUM] CWE-538: The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk.
nvd
CVE-2014-0771 | P4 | MEDIUM | CVSS 5.0 | ≤ 7.1 | v5.0 | +2 more | 2014-04-12
CVE-2014-0771 [MEDIUM] CWE-538: The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows “file://” URLs that access the local disk. T
nvd
CVE-2012-0235 | P4 | MEDIUM | CVSS 6.0 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-0235 [MEDIUM] CWE-352: Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2012-1235 | P4 | MEDIUM | CVSS 6.0 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-1235 [MEDIUM]: Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.
nvd
CVE-2012-0236 | P4 | MEDIUM | CVSS 5.0 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-0236 [MEDIUM] CWE-200: Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."
nvd
CVE-2014-2366 | P4 | MEDIUM | CVSS 4.0 | ≤ 7.1 | v5.0 | +2 more | 2014-07-19
CVE-2014-2366 [MEDIUM] CWE-316: upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
nvd
CVE-2011-4522 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2011-4522 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
nvd
CVE-2012-0233 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2012-0233 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
nvd
CVE-2011-4523 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.0 | v5.0 | 2012-02-21
CVE-2011-4523 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
nvd