Advantech Webaccess Scada vulnerabilities
48 known vulnerabilities affecting advantech/webaccess_scada.
Total CVEs
48
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL16HIGH21MEDIUM11
Vulnerabilities
Page 1 of 3
CVE-2019-3975P2CRITICALCVSS 9.8v8.4.12019-09-10
CVE-2019-3975 [CRITICAL] CWE-787 CVE-2019-3975: Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated atta
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
nvd
CVE-2019-6519P2CRITICALCVSS 9.8v8.32019-02-05
CVE-2019-6519 [CRITICAL] CWE-287 CVE-2019-6519: WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a pos
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
nvd
CVE-2023-1437P2CRITICALCVSS 9.8fixed in 9.1.42023-08-02
CVE-2023-1437 [CRITICAL] CWE-822 CVE-2023-1437: All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
nvd
CVE-2019-6550P2CRITICALCVSS 9.8vVersions 8.3.5 and prior.2019-04-05
CVE-2019-6550 [CRITICAL] CWE-121 CVE-2019-6550: Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabil
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
nvd
CVE-2025-14849P2CRITICALCVSS 9.8v9.2.12025-12-18
CVE-2025-14849 [CRITICAL] CWE-434 CVE-2025-14849: Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to
Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
nvd
CVE-2018-10589P2CRITICALCVSS 9.8fixed in 8.3.12018-05-15
CVE-2018-10589 [CRITICAL] CWE-22 CVE-2018-10589: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2019-6552P2CRITICALCVSS 9.8vVersions 8.3.5 and prior.2019-04-05
CVE-2019-6552 [CRITICAL] CWE-77 CVE-2019-6552: Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, cau
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
nvd
CVE-2018-7499P2CRITICALCVSS 9.8fixed in 8.3.12018-05-15
CVE-2018-7499 [CRITICAL] CWE-121 CVE-2018-7499: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code
nvd
CVE-2018-7497P2CRITICALCVSS 9.8fixed in 8.3.12018-05-15
CVE-2018-7497 [CRITICAL] CWE-822 CVE-2018-7497: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary co
nvd
CVE-2023-32628P2CRITICALCVSS 9.8≤ 9.1.32023-06-06
CVE-2023-32628 [CRITICAL] CWE-434 CVE-2023-32628: In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability t
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
nvd
CVE-2018-7505P3CRITICALCVSS 9.8fixed in 8.3.12018-05-15
CVE-2018-7505 [CRITICAL] CWE-264 CVE-2018-7505: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to e
nvd
CVE-2021-32943P3CRITICALCVSS 9.8fixed in 8.4.5≥ 9.0, < 9.0.12021-08-10
CVE-2021-32943 [CRITICAL] CWE-121 CVE-2021-32943: The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
nvd
CVE-2018-8845P3CRITICALCVSS 9.8fixed in 8.3.12018-05-15
CVE-2018-8845 [CRITICAL] CWE-122 CVE-2018-8845: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
nvd
CVE-2025-14850P3CRITICALCVSS 9.1v9.2.12025-12-18
CVE-2025-14850 [CRITICAL] CWE-22 CVE-2025-14850: Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delet
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
nvd
CVE-2023-32540P3CRITICALCVSS 9.8≤ 9.1.32023-06-06
CVE-2023-32540 [CRITICAL] CWE-94 CVE-2023-32540: In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, w
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
nvd
CVE-2025-46268P3HIGHCVSS 8.8v9.2.12025-12-18
CVE-2025-46268 [HIGH] CWE-89 CVE-2025-46268: Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute ar
Advantech WebAccess/SCADA
is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
nvd
CVE-2019-6523P3CRITICALCVSS 9.8v8.32019-02-05
CVE-2019-6523 [CRITICAL] CWE-89 CVE-2019-6523: WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
nvd
CVE-2020-25161P3HIGHCVSS 8.8fixed in 9.0.12021-02-23
CVE-2020-25161 [HIGH] CWE-73 CVE-2020-25161: The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
nvd
CVE-2021-22669P3HIGHCVSS 8.8≤ 9.0.12021-04-26
CVE-2021-22669 [HIGH] CWE-732 CVE-2021-22669: Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
nvd
CVE-2025-67653P3HIGHCVSS 7.5v9.2.12025-12-18
CVE-2025-67653 [HIGH] CWE-22 CVE-2025-67653: Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to deter
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files.
nvd
1 / 3Next →