
Advantech Webaccess vulnerabilities

118 known vulnerabilities affecting advantech/webaccess.

Total CVEs: 118
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 42, HIGH 56, MEDIUM 20

Vulnerabilities

Page 3 of 6
CVE-2018-14816 | P3 | CRITICAL | CVSS 9.8 | ≤ 8.3.1 | 2018-10-23
CWE-121: Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2019-3951 | P3 | CRITICAL | CVSS 9.8 | fixed in 8.4.3 | 2019-12-12
CWE-121: Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
nvd
CVE-2019-13550 | P3 | CRITICAL | CVSS 9.8 | ≤ 8.4.1 | vversions 8.4.1 and prior | 2019-09-18
CWE-285: In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
nvd
CVE-2020-12019 | P3 | CRITICAL | CVSS 9.8 | ≤ 8.4.4 | 2020-06-15
CWE-121: WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
nvd
CVE-2019-13556 | P3 | HIGH | CVSS 8.8 | ≤ 8.4.1 | vversions 8.4.1 and prior | 2019-09-18
CWE-121: In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
nvd
CVE-2017-5154 | P3 | CRITICAL | CVSS 9.8 | v8.1 | 2017-02-13
CWE-89: An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.
nvd
CVE-2021-33023 | P3 | CRITICAL | CVSS 9.8 | ≤ 9.0.2 | ≥ All, ≤ 9.02 | 2021-10-18
CWE-122: Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
nvd
CVE-2017-12708 | P3 | CRITICAL | CVSS 9.8 | ≤ 8.2 | 2017-08-30
CWE-119: An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system t
nvd
CVE-2019-10987 | P3 | HIGH | CVSS 8.8 | ≤ 8.3.5 | 2019-06-28
CWE-787: In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
nvd
CVE-2020-12006 | P3 | CRITICAL | CVSS 9.8 | ≤ 8.4.4 | v9.0.0 | 2020-05-08
CWE-23: Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
nvd
CVE-2019-10985 | P3 | CRITICAL | CVSS 9.1 | ≤ 8.3.5 | 2019-06-28
CWE-22: In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
nvd
CVE-2018-15707 | P4 | MEDIUM | CVSS 5.4 | PoC | v8.3.1 | v8.3.2 | 2018-10-31
CWE-79: Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
nvd
CVE-2020-12022 | P3 | CRITICAL | CVSS 9.8 | ≤ 8.4.4 | v9.0.0 | 2020-05-08
CWE-129: Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
nvd
CVE-2020-12026 | P3 | HIGH | CVSS 8.8 | ≤ 8.4.4 | v9.0.0 | 2020-05-08
CWE-23: Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
nvd
CVE-2015-6467 | P3 | HIGH | CVSS 8.1 | ≤ 8.0 | 2016-01-15
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
nvd
CVE-2017-16724 | P3 | CRITICAL | CVSS 9.8 | fixed in 8.3 | 2018-01-05
CWE-121: A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.
nvd
CVE-2016-0858 | P3 | HIGH | CVSS 8.1 | ≤ 8.0 | 2016-01-15
CWE-119: Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.
nvd
CVE-2015-3947 | P3 | HIGH | CVSS 8.1 | ≤ 8.0 | 2016-01-15
CWE-89: SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
nvd
CVE-2019-3941 | P3 | HIGH | CVSS 7.5 | v8.3.4 | 2019-04-09
CWE-306: Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
nvd
CVE-2017-16736 | P3 | HIGH | CVSS 7.5 | fixed in 8.3 | 2018-01-12
CWE-434: An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
nvd