cvebase

Advantech WebAccess vulnerabilities

118 known vulnerabilities affecting advantech/webaccess.

Total CVEs: 118
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 42, HIGH 56, MEDIUM 20

Vulnerabilities

Page 1 of 6
CVE-2016-0854 | P1 | CRITICAL | CVSS 9.8 | PoC | ≤ 8.0 | 2016-01-15
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
Source: nvd

CVE-2017-16720 | P2 | CRITICAL | CVSS 9.8 | PoC | ≤ 8.3.2 | 2018-01-05
CWE-22: A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
Source: nvd

CVE-2018-6911 | P2 | CRITICAL | CVSS 9.8 | PoC | v8.3.0 | 2018-02-13
CWE-78: The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
Source: nvd

CVE-2014-2364 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 7.1 | 2014-07-19
CWE-121: Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX cont
Source: nvd

CVE-2017-16716 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 8.3 | 2018-01-05
CWE-89: A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
Source: nvd

CVE-2014-9208 | P2 | CRITICAL | CVSS 10.0 | PoC | ≤ 8.0 | 2015-09-11
CWE-119: Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
Source: nvd

CVE-2014-0763 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 7.1 | 2014-04-12
CWE-89: An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in the table of the software database or execution of arbitrary code.
Source: nvd

CVE-2017-14016 | P3 | MEDIUM | CVSS 6.3 | PoC | fixed in 8.2_20170817 | 2017-11-06
CWE-121: A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
Source: nvd

CVE-2018-15705 | P3 | MEDIUM | CVSS 6.5 | PoC | v8.3.1, v8.3.2 | 2018-10-31
CWE-22: WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
Source: nvd

CVE-2021-38408 | P2 | CRITICAL | CVSS 9.8 | ≤ 9.02 | 2021-09-09
CWE-121: A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
Source: nvd

CVE-2019-10993 | P2 | CRITICAL | CVSS 9.8 | ≤ 8.3.5 | 2019-06-28
CWE-119: In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
Source: nvd

CVE-2016-0856 | P2 | CRITICAL | CVSS 9.8 | ≤ 8.0 | 2016-01-15
CWE-119: Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
Source: nvd

CVE-2019-3953 | P2 | CRITICAL | CVSS 9.8 | v8.4.0 | 2019-06-18
CWE-787: Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
Source: nvd

CVE-2019-3954 | P2 | CRITICAL | CVSS 9.8 | v8.4.0 | 2019-06-19
CWE-787: Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
Source: nvd

CVE-2016-0857 | P2 | CRITICAL | CVSS 9.8 | ≤ 8.0 | 2016-01-15
CWE-119: Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
Source: nvd

CVE-2019-10991 | P2 | CRITICAL | CVSS 9.8 | ≤ 8.3.5 | 2019-06-28
CWE-787: In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
Source: nvd

CVE-2018-15704 | P2 | HIGH | CVSS 8.8 | ≤ 8.3.2 | 2018-10-22
CWE-787: Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
Source: nvd

CVE-2019-3975 | P2 | CRITICAL | CVSS 9.8 | v8.4.1 | 2019-09-10
CWE-787: Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
Source: nvd

CVE-2017-12698 | P2 | CRITICAL | CVSS 9.8 | ≤ 8.2 | 2017-08-30
CWE-287: An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.
Source: nvd

CVE-2021-38389 | P2 | CRITICAL | CVSS 9.8 | ≤ 9.0.2 | ≥ All, ≤ 9.02 | 2021-10-18
CWE-121: Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
Source: nvd