Advantech Webaccess vulnerabilities
118 known vulnerabilities affecting advantech/webaccess.
Total CVEs: 118
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 42, HIGH 56, MEDIUM 20
Vulnerabilities
Page 6 of 6
CVE-2014-8388 [HIGH] | P3 | CVSS 7.2 | CWE-119 | ≤ 7.2 | 2014-11-21
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
nvd
CVE-2017-16732 [MEDIUM] | P3 | CVSS 6.5 | CWE-416 | fixed in 8.3 | 2018-01-12
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
nvd
CVE-2016-0851 [HIGH] | P4 | CVSS 7.5 | CWE-119 | ≤ 8.0 | 2016-01-15
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.
nvd
CVE-2014-2368 [MEDIUM] | P4 | CVSS 5.0 | CWE-623 | ≤ 7.1 | 2014-07-19
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
nvd
CVE-2014-2367 [MEDIUM] | P4 | CVSS 4.3 | CWE-592 | ≤ 7.1 | 2014-07-19
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
nvd
CVE-2018-10591 [MEDIUM] | P4 | CVSS 6.1 | CWE-346 | ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, stea
nvd
CVE-2014-2365 [MEDIUM] | P4 | CVSS 5.5 | CWE-284 | ≤ 7.1 | 2014-07-19
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
nvd
CVE-2015-3943 [MEDIUM] | P4 | CVSS 5.3 | CWE-200 | ≤ 8.0 | 2016-01-15
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.
nvd
CVE-2020-12010 [HIGH] | P4 | CVSS 7.1 | CWE-23 | ≤ 8.4.4, v9.0.0 | 2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.
nvd
CVE-2014-9202 [MEDIUM] | P4 | CVSS 6.9 | CWE-119 | v8.0 | 2015-09-28
Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.
nvd
CVE-2018-15703 [MEDIUM] | P4 | CVSS 6.1 | CWE-79 | ≤ 8.3.2 | 2018-10-22
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
nvd
CVE-2016-4525 [MEDIUM] | P4 | CVSS 6.6 | ≤ 8.1 | 2016-06-25
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
nvd
CVE-2021-34540 [MEDIUM] | P4 | CVSS 6.1 | CWE-79 | v8.4.2, v8.4.4 | 2021-06-11
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
nvd
CVE-2014-0772 [MEDIUM] | P4 | CVSS 5.0 | CWE-538 | ≤ 7.1 | 2014-04-12
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk.
nvd
CVE-2014-0771 [MEDIUM] | P4 | CVSS 5.0 | CWE-538 | ≤ 7.1 | 2014-04-12
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows “file://” URLs that access the local disk.
nvd
CVE-2015-3948 [MEDIUM] | P4 | CVSS 5.4 | CWE-79 | ≤ 8.0 | 2016-01-15
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-2366 [MEDIUM] | P4 | CVSS 4.0 | CWE-316 | ≤ 7.1 | 2014-07-19
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
nvd
CVE-2016-4528 [MEDIUM] | P4 | CVSS 5.0 | CWE-119 | ≤ 8.1 | 2016-06-25
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
nvd