Advantech Webaccess Scada vulnerabilities
48 known vulnerabilities affecting advantech/webaccess_scada.
Total CVEs
48
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL16HIGH21MEDIUM11
Vulnerabilities
Page 3 of 3
CVE-2025-14848P3MEDIUMCVSS 5.3v9.2.12025-12-18
CVE-2025-14848 [MEDIUM] CWE-36 CVE-2025-14848: Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker
Advantech WebAccess/SCADA
is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.
nvd
CVE-2018-5443P4MEDIUMCVSS 5.3fixed in 8.2_201708172018-01-25
CVE-2018-5443 [MEDIUM] CWE-89 CVE-2018-5443: A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. W
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
nvd
CVE-2018-5445P4MEDIUMCVSS 5.3fixed in 8.2_201708172018-01-25
CVE-2018-5445 [MEDIUM] CWE-22 CVE-2018-5445: A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817.
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
nvd
CVE-2021-32956P4MEDIUMCVSS 6.1≤ 9.0.12021-06-18
CVE-2021-32956 [MEDIUM] CWE-601 CVE-2021-32956: Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
nvd
CVE-2018-10591P4MEDIUMCVSS 6.1fixed in 8.3.12018-05-15
CVE-2018-10591 [MEDIUM] CWE-346 CVE-2018-10591: In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAcc
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, stea
nvd
CVE-2021-27436P4MEDIUMCVSS 6.1≤ 9.02021-03-18
CVE-2021-27436 [MEDIUM] CWE-79 CVE-2021-27436: WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an att
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
nvd
CVE-2021-22676P4MEDIUMCVSS 6.1fixed in 8.4.5≥ 9.0, < 9.0.12021-08-10
CVE-2021-22676 [MEDIUM] CWE-79 CVE-2021-22676: UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could all
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCAD
nvd
CVE-2021-38431P4MEDIUMCVSS 4.3≤ 9.0.3≥ All, ≤ 9.0.32021-10-15
CVE-2021-38431 [MEDIUM] CWE-862 CVE-2021-38431: An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functi
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
nvd
← Previous3 / 3