Vulnerabilities (CVE)

Vendor filter

Advantech Subscribe

Product filter

Webaccess Subscribe

Filter

70 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10991 1 Advantech 1 Webaccess 2019-07-02 7.5
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10989 1 Advantech 1 Webaccess 2019-07-02 7.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution....
CVE-2019-3954 1 Advantech 1 Webaccess 2019-06-19 7.5
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
CVE-2019-3953 1 Advantech 1 Webaccess 2019-06-19 7.5
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
CVE-2019-6519 1 Advantech 1 Webaccess%2fscada 2019-02-06 7.5
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
CVE-2019-6521 1 Advantech 1 Webaccess%2fscada 2019-02-06 7.5
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
CVE-2019-6523 1 Advantech 1 Webaccess%2fscada 2019-02-06 7.5
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
CVE-2018-15705 1 Advantech 1 Webaccess 2018-12-12 8.5
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability...
CVE-2018-15704 1 Advantech 1 Webaccess 2018-12-03 9.0
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
CVE-2014-8387 1 Advantech 2 Eki-6340 Firmware, Eki-6340 2018-10-09 9.0
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
CVE-2017-16716 1 Advantech 1 Webaccess 2018-02-02 7.5
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
CVE-2012-0244 1 Advantech 1 Advantech Webaccess 2018-01-05 7.5
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.
CVE-2012-0243 1 Advantech 1 Advantech Webaccess 2018-01-05 10.0
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
CVE-2012-0242 1 Advantech 1 Advantech Webaccess 2018-01-05 10.0
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
CVE-2012-0240 1 Advantech 1 Advantech Webaccess 2018-01-05 10.0
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-0238 1 Advantech 1 Advantech Webaccess 2018-01-05 10.0
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2012-0234 1 Advantech 1 Advantech Webaccess 2018-01-05 7.5
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
CVE-2011-4526 1 Advantech 1 Advantech Webaccess 2018-01-05 10.0
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
CVE-2011-4525 1 Advantech 1 Advantech Webaccess 2018-01-05 10.0
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
CVE-2011-4524 1 Advantech 1 Advantech Webaccess 2018-01-05 10.0
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.