Advantech WebAccess/NMS vulnerabilities
20 known vulnerabilities affecting advantech/webaccess_nms.
Total CVEs: 20
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 9, HIGH 8, MEDIUM 3
Vulnerabilities
CVE-2020-10621 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | Exploited | fixed in 3.0.2 | 2020-04-09
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
nvd
CVE-2020-10625 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 3.0.2 | 2020-04-09
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
nvd
CVE-2020-10619 | P2 | CRITICAL | CVSS 9.1 | CWE-23 | fixed in 3.0.2 | 2020-04-09
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
nvd
CVE-2018-10589 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2018-7499 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code
nvd
CVE-2018-7497 | P2 | CRITICAL | CVSS 9.8 | CWE-822 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary co
nvd
CVE-2018-7505 | P3 | CRITICAL | CVSS 9.8 | CWE-264 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to e
nvd
CVE-2018-8845 | P3 | CRITICAL | CVSS 9.8 | CWE-122 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2020-10631 | P3 | CRITICAL | CVSS 9.8 | CWE-23 | fixed in 3.0.2 | 2020-04-09
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
nvd
CVE-2020-10603 | P3 | HIGH | CVSS 8.8 | CWE-78 | fixed in 3.0.2 | 2020-04-09
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
nvd
CVE-2020-10617 | P3 | HIGH | CVSS 7.5 | CWE-89 | fixed in 3.0.2 | 2020-04-09
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
nvd
CVE-2018-7495 | P3 | HIGH | CVSS 7.5 | CWE-73 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
nvd
CVE-2018-7501 | P3 | HIGH | CVSS 7.5 | CWE-89 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the h
nvd
CVE-2018-7503 | P3 | HIGH | CVSS 7.5 | CWE-22 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
nvd
CVE-2018-10590 | P3 | HIGH | CVSS 7.5 | CWE-548 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find importan
nvd
CVE-2020-10629 | P3 | HIGH | CVSS 7.5 | CWE-611 | fixed in 3.0.2 | 2020-04-09
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.
nvd
CVE-2018-8841 | P3 | HIGH | CVSS 7.8 | CWE-269 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be give
nvd
CVE-2020-10623 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | fixed in 3.0.2 | 2020-04-09
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
nvd
CVE-2021-32951 | P4 | MEDIUM | CVSS 5.3 | CWE-287 | ≤ 3.0.3 | ≥ Versions, < v3.0.3_Build6299 | 2021-10-27
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
nvd
CVE-2018-10591 | P4 | MEDIUM | CVSS 6.1 | CWE-346 | ≤ 2.0.3 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker to create a malicious web site, stea
nvd