Advantech Webaccess vulnerabilities
118 known vulnerabilities affecting advantech/webaccess.
Total CVEs: 118
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 42, HIGH 56, MEDIUM 20
Vulnerabilities
CVE-2020-12002 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | Affected: ≤ 8.4.4, v9.0.0 | 2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
nvd
CVE-2019-6550 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | Affected: ≤ 8.3.5 | 2019-04-05
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
nvd
CVE-2019-3940 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | Affected: v8.3.4 | 2019-04-09
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
nvd
CVE-2018-14806 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | Affected: ≤ 8.3.1 | 2018-10-23
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
nvd
CVE-2018-10589 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | Affected: ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2019-6552 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | Affected: ≤ 8.3.5 | 2019-04-05
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
nvd
CVE-2019-13558 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | Affected: ≤ 8.4.1 (Versions 8.4.1 and prior) | 2019-09-18
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
nvd
CVE-2019-10989 | P2 | CRITICAL | CVSS 9.8 | CWE-787 | Affected: ≤ 8.3.5 | 2019-06-28
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991.
nvd
CVE-2017-5152 | P2 | CRITICAL | CVSS 9.1 | CWE-287 | Affected: v8.1 | 2017-02-13
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).
nvd
CVE-2020-10638 | P2 | CRITICAL | CVSS 9.8 | CWE-122 | Affected: ≤ 8.4.4, v9.0.0 | 2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
nvd
CVE-2018-7499 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | Affected: ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code
nvd
CVE-2018-7497 | P2 | CRITICAL | CVSS 9.8 | CWE-822 | Affected: ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary co
nvd
CVE-2016-5810 | P3 | MEDIUM | CVSS 4.9 | PoC | CWE-200 | Affected: ≤ 8.1 | 2017-05-02
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
nvd
CVE-2018-7505 | P3 | CRITICAL | CVSS 9.8 | CWE-264 | Affected: ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to e
nvd
CVE-2018-8845 | P3 | CRITICAL | CVSS 9.8 | CWE-122 | Affected: ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2019-13552 | P3 | HIGH | CVSS 8.8 | CWE-77 | Affected: ≤ 8.4.1 (versions 8.4.1 and prior) | 2019-09-18
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
nvd
CVE-2020-10607 | P3 | HIGH | CVSS 8.8 | CWE-121 | Affected: ≤ 8.4.2 | 2020-03-27
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
nvd
CVE-2017-12706 | P3 | CRITICAL | CVSS 9.8 | CWE-121 | Affected: ≤ 8.2 | 2017-08-30
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the
nvd
CVE-2016-0859 | P3 | CRITICAL | CVSS 9.8 | CWE-189 | Affected: ≤ 8.0 | 2016-01-15
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
nvd
CVE-2018-15706 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | Affected: v8.3.1, v8.3.2 | 2018-10-31
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
nvd