Advantech Webaccess vulnerabilities
118 known vulnerabilities affecting advantech/webaccess.
Total CVEs: 118
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 42, HIGH 56, MEDIUM 20
Vulnerabilities
Page 5 of 6
CVE-2014-0770 | P3 | HIGH | CVSS 7.5 | CWE-121 | ≤ 7.1 | 2014-04-12
By providing an overly long string to the UserName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely.
nvd
CVE-2017-12719 | P3 | HIGH | CVSS 7.5 | CWE-822 | fixed in 8.2_20170817 | 2017-11-06
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
nvd
CVE-2014-0764 | P3 | HIGH | CVSS 7.5 | CWE-121 | ≤ 7.1 | 2014-04-12
By providing an overly long string to the NodeName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely.
nvd
CVE-2020-16202 | P3 | HIGH | CVSS 7.8 | CWE-732 | fixed in 9.0.1 | 2020-09-22
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
nvd
CVE-2018-8841 | P3 | HIGH | CVSS 7.8 | CWE-269 | ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be give
nvd
CVE-2023-4215 | P3 | HIGH | CVSS 7.5 | CWE-1295 | v9.1.3 | 2023-10-17
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
nvd
CVE-2014-0767 | P3 | HIGH | CVSS 7.5 | CWE-121 | ≤ 7.1 | 2014-04-12
An attacker may exploit this vulnerability by passing an overly long
value from the AccessCode argument to the control. This will overflow
the static stack buffer. The attacker may then execute code on the
target device remotely.
nvd
CVE-2018-17908 | P3 | HIGH | CVSS 7.8 | CWE-284 | ≤ 8.3.2 | 2018-10-29
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.
nvd
CVE-2018-14828 | P3 | HIGH | CVSS 7.8 | CWE-269 | ≤ 8.3.1 | 2018-10-23
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
nvd
CVE-2016-0853 | P3 | HIGH | CVSS 7.5 | CWE-200 | ≤ 8.0 | 2016-01-15
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.
nvd
CVE-2017-16753 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 8.3 | 2018-01-05
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
nvd
CVE-2019-6554 | P3 | HIGH | CVSS 7.5 | CWE-284 | ≤ 8.3.5 | 2019-04-05
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
nvd
CVE-2023-2866 | P3 | HIGH | CVSS 7.8 | CWE-351 | v8.4.5 | 2023-06-07
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
nvd
CVE-2017-12717 | P3 | HIGH | CVSS 7.8 | CWE-427 | ≤ 8.2 | 2017-08-30
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.
nvd
CVE-2017-5175 | P3 | HIGH | CVSS 7.8 | CWE-427 | ≤ 8.1 | 2018-05-09
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
nvd
CVE-2017-16728 | P3 | HIGH | CVSS 7.5 | CWE-822 | fixed in 8.3 | 2018-01-05
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
nvd
CVE-2017-12711 | P3 | HIGH | CVSS 7.8 | CWE-266 | ≤ 8.2 | 2017-08-30
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.
nvd
CVE-2017-7929 | P3 | HIGH | CVSS 7.1 | CWE-36 | ≤ 8.1 | 2017-05-06
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.
nvd
CVE-2015-3946 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≤ 8.0 | 2016-01-15
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2017-12713 | P3 | HIGH | CVSS 7.8 | CWE-732 | ≤ 8.2 | 2017-08-30
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.
nvd