cvebase

Advantech Webaccess vulnerabilities

118 known vulnerabilities affecting advantech/webaccess.

Total CVEs: 118
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 42, HIGH 56, MEDIUM 20

Vulnerabilities

Page 6 of 6
CVE-2014-8388 | P3 | HIGH | CVSS 7.2 | ≤ 7.2 | 2014-11-21
CVE-2014-8388 [HIGH] CWE-119: Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.
nvd
CVE-2017-16732 | P3 | MEDIUM | CVSS 6.5 | fixed in 8.3 | 2018-01-12
CVE-2017-16732 [MEDIUM] CWE-416: A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
nvd
CVE-2016-0851 | P4 | HIGH | CVSS 7.5 | ≤ 8.0 | 2016-01-15
CVE-2016-0851 [HIGH] CWE-119: Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.
nvd
CVE-2014-2368 | P4 | MEDIUM | CVSS 5.0 | ≤ 7.1 | 2014-07-19
CVE-2014-2368 [MEDIUM] CWE-623: The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
nvd
CVE-2014-2367 | P4 | MEDIUM | CVSS 4.3 | ≤ 7.1 | 2014-07-19
CVE-2014-2367 [MEDIUM] CWE-592: The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
nvd
CVE-2018-10591 | P4 | MEDIUM | CVSS 6.1 | ≤ 8.2_20170817, ≤ 8.3.0, +1 more | 2018-05-15
CVE-2018-10591 [MEDIUM] CWE-346: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, stea
nvd
CVE-2014-2365 | P4 | MEDIUM | CVSS 5.5 | ≤ 7.1 | 2014-07-19
CVE-2014-2365 [MEDIUM] CWE-284: Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
nvd
CVE-2015-3943 | P4 | MEDIUM | CVSS 5.3 | ≤ 8.0 | 2016-01-15
CVE-2015-3943 [MEDIUM] CWE-200: Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.
nvd
CVE-2020-12010 | P4 | HIGH | CVSS 7.1 | ≤ 8.4.4, v9.0.0 | 2020-05-08
CVE-2020-12010 [HIGH] CWE-23: Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.
nvd
CVE-2014-9202 | P4 | MEDIUM | CVSS 6.9 | v8.0 | 2015-09-28
CVE-2014-9202 [MEDIUM] CWE-119: Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.
nvd
CVE-2018-15703 | P4 | MEDIUM | CVSS 6.1 | ≤ 8.3.2 | 2018-10-22
CVE-2018-15703 [MEDIUM] CWE-79: Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
nvd
CVE-2016-4525 | P4 | MEDIUM | CVSS 6.6 | ≤ 8.1 | 2016-06-25
CVE-2016-4525 [MEDIUM]: Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
nvd
CVE-2021-34540 | P4 | MEDIUM | CVSS 6.1 | v8.4.2, v8.4.4 | 2021-06-11
CVE-2021-34540 [MEDIUM] CWE-79: Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
nvd
CVE-2014-0772 | P4 | MEDIUM | CVSS 5.0 | ≤ 7.1 | 2014-04-12
CVE-2014-0772 [MEDIUM] CWE-538: The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk.
nvd
CVE-2014-0771 | P4 | MEDIUM | CVSS 5.0 | ≤ 7.1 | 2014-04-12
CVE-2014-0771 [MEDIUM] CWE-538: The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows “file://” URLs that access the local disk. T
nvd
CVE-2015-3948 | P4 | MEDIUM | CVSS 5.4 | ≤ 8.0 | 2016-01-15
CVE-2015-3948 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2014-2366 | P4 | MEDIUM | CVSS 4.0 | ≤ 7.1 | 2014-07-19
CVE-2014-2366 [MEDIUM] CWE-316: upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
nvd
CVE-2016-4528 | P4 | MEDIUM | CVSS 5.0 | ≤ 8.1 | 2016-06-25
CVE-2016-4528 [MEDIUM] CWE-119: Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
nvd