Filtered by vendor Advantech
Subscribe
Total
296 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12704 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | |||||
| CVE-2017-12702 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2017-12698 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | |||||
| CVE-2019-16901 | 1 Advantech | 1 Webaccess\/hmi Designer | 2019-09-26 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | |||||
| CVE-2018-6911 | 1 Advantech | 1 Webaccess | 2019-08-02 | 10.0 HIGH | 9.8 CRITICAL |
| The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | |||||
| CVE-2019-6519 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | |||||
| CVE-2019-6521 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 8.6 HIGH |
| WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | |||||
| CVE-2019-6523 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | |||||
| CVE-2018-15706 | 1 Advantech | 1 Webaccess | 2019-01-30 | 6.8 MEDIUM | 6.5 MEDIUM |
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | |||||
| CVE-2018-15705 | 1 Advantech | 1 Webaccess | 2018-12-12 | 8.5 HIGH | 6.5 MEDIUM |
| WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | |||||
| CVE-2018-15707 | 1 Advantech | 1 Webaccess | 2018-12-12 | 3.5 LOW | 5.4 MEDIUM |
| Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. | |||||
| CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2018-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | |||||
| CVE-2014-8387 | 1 Advantech | 2 Eki-6340, Eki-6340 Firmware | 2018-10-09 | 9.0 HIGH | N/A |
| cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi. | |||||
| CVE-2017-16716 | 1 Advantech | 1 Webaccess | 2018-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. | |||||
| CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
| CVE-2012-0243 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. | |||||
| CVE-2012-0242 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. | |||||
| CVE-2012-0241 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 5.0 MEDIUM | N/A |
| Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. | |||||
| CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 10.0 HIGH | N/A |
| GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-0239 | 1 Advantech | 1 Advantech Webaccess | 2018-01-05 | 5.0 MEDIUM | N/A |
| uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | |||||