cbcvebase.

Advantech Webaccess Scada vulnerabilities

48 known vulnerabilities affecting advantech/webaccess_scada.

Total CVEs
48
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL16HIGH21MEDIUM11

Vulnerabilities

Page 2 of 3
CVE-2019-6521P3HIGHCVSS 8.6v8.32019-02-05
CVE-2019-6521 [HIGH] CWE-287 CVE-2019-6521: WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypas WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
nvd
CVE-2026-6888P3HIGHCVSS 7.2vprior to version 9.2.32026-05-13
CVE-2026-6888 [HIGH] CWE-89 CVE-2026-6888: Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attack Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database.
nvd
CVE-2023-22450P3HIGHCVSS 7.2≤ 9.1.32023-06-06
CVE-2023-22450 [HIGH] CWE-434 CVE-2023-22450: In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability tha In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
nvd
CVE-2020-13550P3HIGHCVSS 7.7v9.0.12021-02-17
CVE-2020-13550 [HIGH] CWE-22 CVE-2020-13550: A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2018-7495P3HIGHCVSS 7.5fixed in 8.3.12018-05-15
CVE-2018-7495 [HIGH] CWE-73 CVE-2018-7495: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
nvd
CVE-2018-7501P3HIGHCVSS 7.5fixed in 8.3.12018-05-15
CVE-2018-7501 [HIGH] CWE-89 CVE-2018-7501: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the h
nvd
CVE-2020-13553P3HIGHCVSS 8.8v9.0.12021-02-17
CVE-2020-13553 [HIGH] CWE-276 CVE-2020-13553: An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
nvd
CVE-2020-13552P3HIGHCVSS 8.8v9.0.12021-02-17
CVE-2020-13552 [HIGH] CWE-276 CVE-2020-13552: An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
nvd
CVE-2020-13555P3HIGHCVSS 8.8v9.0.12021-02-17
CVE-2020-13555 [HIGH] CWE-276 CVE-2020-13555: An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
nvd
CVE-2020-13551P3HIGHCVSS 8.8v9.0.12021-02-17
CVE-2020-13551 [HIGH] CWE-276 CVE-2020-13551: An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
nvd
CVE-2018-7503P3HIGHCVSS 7.5fixed in 8.3.12018-05-15
CVE-2018-7503 [HIGH] CWE-22 CVE-2018-7503: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
nvd
CVE-2018-10590P3HIGHCVSS 7.5fixed in 8.3.12018-05-15
CVE-2018-10590 [HIGH] CWE-548 CVE-2018-10590: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find importan
nvd
CVE-2018-18999P3HIGHCVSS 7.3v8.3.22018-12-19
CVE-2018-18999 [HIGH] CWE-20 CVE-2018-18999: WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper vali WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
nvd
CVE-2021-32954P3MEDIUMCVSS 6.5≤ 9.0.12021-06-18
CVE-2021-32954 [MEDIUM] CWE-23 CVE-2021-32954: Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
nvd
CVE-2024-2453P3MEDIUMCVSS 6.4v9.1.5U2024-03-21
CVE-2024-2453 [MEDIUM] CWE-89 CVE-2024-2453: There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authen There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
nvd
CVE-2020-13554P3HIGHCVSS 7.8v9.0.12021-03-03
CVE-2020-13554 [HIGH] CWE-276 CVE-2020-13554: An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
nvd
CVE-2018-8841P3HIGHCVSS 7.8fixed in 8.3.12018-05-15
CVE-2018-8841 [HIGH] CWE-269 CVE-2018-8841: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be give
nvd
CVE-2019-6554P3HIGHCVSS 7.5vVersions 8.3.5 and prior.2019-04-05
CVE-2019-6554 [HIGH] CWE-284 CVE-2019-6554: Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may al Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
nvd
CVE-2023-2866P3HIGHCVSS 7.8v8.4.52023-06-07
CVE-2023-2866 [HIGH] CWE-351 CVE-2023-2866: If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Ad If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
nvd
CVE-2021-22674P3MEDIUMCVSS 6.5fixed in 8.4.5≥ 9.0, < 9.0.12021-08-10
CVE-2021-22674 [MEDIUM] CWE-23 CVE-2021-22674: The affected product is vulnerable to a relative path traversal condition, which may allow an attack The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
nvd
Advantech Webaccess Scada vulnerabilities | cvebase