Advantech Webaccess vulnerabilities

118 known vulnerabilities affecting advantech/webaccess.

Total CVEs: 118
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 42, HIGH 56, MEDIUM 20

Vulnerabilities

Page 4 of 6
CVE-2017-12704 | P3 | HIGH | CVSS 8.8 | ≤ 8.2 | 2017-08-30
CWE-122: A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the con
Source: NVD
CVE-2017-12702 | P3 | HIGH | CVSS 8.8 | ≤ 8.2 | 2017-08-30
CWE-134: An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
Source: NVD
CVE-2016-0855 | P3 | HIGH | CVSS 7.5 | ≤ 8.0 | 2016-01-15
CWE-22: Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
Source: NVD
CVE-2017-12710 | P3 | HIGH | CVSS 7.5 | ≤ 8.2 | 2017-08-30
CWE-89: A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
Source: NVD
CVE-2019-3942 | P3 | HIGH | CVSS 7.5 | v8.3.4 | 2020-04-01
CWE-284: Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.
Source: NVD
CVE-2016-0852 | P3 | HIGH | CVSS 7.5 | ≤ 8.0 | 2016-01-15
CWE-264: Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors.
Source: NVD
CVE-2018-17910 | P3 | HIGH | CVSS 7.8 | ≤ 8.3.2 | 2018-10-29
CWE-121: WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.
Source: NVD
CVE-2018-7495 | P3 | HIGH | CVSS 7.5 | ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
CWE-73: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
Source: NVD
CVE-2018-7501 | P3 | HIGH | CVSS 7.5 | ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
CWE-89: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the h
Source: NVD
CVE-2020-12014 | P3 | HIGH | CVSS 7.5 | ≤ 8.4.4, v9.0.0 | 2020-05-08
CWE-89: Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.
Source: NVD
CVE-2018-14820 | P3 | HIGH | CVSS 7.5 | ≤ 8.3.1 | 2018-10-23
CWE-73: Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
Source: NVD
CVE-2020-12018 | P3 | HIGH | CVSS 7.5 | ≤ 8.4.4, v9.0.0 | 2020-05-08
CWE-125: Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.
Source: NVD
CVE-2014-0765 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | 2014-04-12
CWE-121: To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.
Source: NVD
CVE-2014-0766 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | 2014-04-12
CWE-121: An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code.
Source: NVD
CVE-2018-7503 | P3 | HIGH | CVSS 7.5 | ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
CWE-22: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
Source: NVD
CVE-2014-0773 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | 2014-04-12
CWE-77: The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The validation can be bypassed allowing for running arbitrary command lines. The command lin
Source: NVD
CVE-2018-10590 | P3 | HIGH | CVSS 7.5 | ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
CWE-548: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find importan
Source: NVD
CVE-2019-10983 | P3 | HIGH | CVSS 7.5 | ≤ 8.3.5 | 2019-06-28
CWE-125: In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.
Source: NVD
CVE-2016-0860 | P3 | HIGH | CVSS 7.5 | ≤ 8.0 | 2016-01-15
CWE-119: Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
Source: NVD
CVE-2014-0768 | P3 | HIGH | CVSS 7.5 | ≤ 7.1 | 2014-04-12
CWE-121: An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.
Source: NVD