cvebase

Advantech Webaccess Scada vulnerabilities

10 known vulnerabilities affecting advantech_webaccess/scada.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2019-3953 | P2 | CRITICAL | CVSS 9.8 | v8.4.0 | 2019-06-18
CWE-787: Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
Source: NVD
CVE-2019-3954 | P2 | CRITICAL | CVSS 9.8 | v8.4.0 | 2019-06-19
CWE-787: Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
Source: NVD
CVE-2019-3951 | P3 | CRITICAL | CVSS 9.8 | v8.4.2. | 2019-12-12
CWE-121: Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
Source: NVD
CVE-2020-25161 | P3 | HIGH | CVSS 8.8 | Versions 9.0 and prior | 2021-02-23
CWE-73: The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
Source: NVD
CVE-2021-22669 | P3 | HIGH | CVSS 8.8 | WebAccess/SCADA Versions 9.0.1 and prior | 2021-04-26
CWE-732: Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
Source: NVD
CVE-2021-32954 | P3 | MEDIUM | CVSS 6.5 | WebAccess/SCADA Versions 9.0.1 and prior | 2021-06-18
CWE-23: Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
Source: NVD
CVE-2018-5443 | P4 | MEDIUM | CVSS 5.3 | Advantech WebAccess/SCADA | 2018-01-25
CWE-89: A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
Source: NVD
CVE-2018-5445 | P4 | MEDIUM | CVSS 5.3 | Advantech WebAccess/SCADA | 2018-01-25
CWE-22: A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
Source: NVD
CVE-2021-32956 | P4 | MEDIUM | CVSS 6.1 | WebAccess/SCADA Versions 9.0.1 and prior | 2021-06-18
CWE-601: Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
Source: NVD
CVE-2021-27436 | P4 | MEDIUM | CVSS 6.1 | Versions 9.0 and prior | 2021-03-18
CWE-79: WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
Source: NVD