Vulnerabilities (CVE)

Vendor filter

Advantech Subscribe

Product filter

Webaccess Subscribe

Filter

70 total CVE
CVE Vendors Products Updated CVSS
CVE-2011-4521 1 Advantech 1 Advantech Webaccess 2018-01-05 7.5
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.
CVE-2017-5154 1 Advantech 1 Webaccess 2017-11-03 7.5
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the...
CVE-2014-9208 1 Advantech 1 Webaccess 2017-09-16 10.0
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2011-0488 2 Advantech, Indusoft 2 Web Studio, Advantech Studio 2017-08-17 10.0
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly...
CVE-2016-0860 1 Advantech 1 Webaccess 2016-12-06 10.0
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
CVE-2016-0859 1 Advantech 1 Webaccess 2016-12-03 10.0
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
CVE-2016-0858 1 Advantech 1 Webaccess 2016-12-03 9.3
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.
CVE-2016-0857 1 Advantech 1 Webaccess 2016-12-03 10.0
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-0856 1 Advantech 1 Webaccess 2016-12-03 10.0
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-0854 1 Advantech 1 Webaccess 2016-12-03 10.0
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via...
CVE-2016-2275 1 Advantech 2 Vesp211-eu Firmware, Vesp211-232 Firmware 2016-03-10 10.0
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative...
CVE-2016-0851 1 Advantech 1 Webaccess 2016-01-20 7.8
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.
CVE-2015-6467 1 Advantech 1 Webaccess 2016-01-20 9.3
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
CVE-2015-7938 1 Advantech 2 Eki-1321 Series Firmware, Eki-1322 Series Firmware 2016-01-18 10.0
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
CVE-2015-6476 1 Advantech 5 Eki-1321 Series Firmware, Eki-1361 Series Firmware, Eki-1362 Series Firmware and 2 more 2015-11-09 10.0
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.
CVE-2014-2364 1 Advantech 1 Advantech Webaccess 2015-08-11 7.5
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7)...
CVE-2014-0763 1 Advantech 1 Advantech Webaccess 2015-07-24 7.5
Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions.
CVE-2014-0765 1 Advantech 1 Advantech Webaccess 2015-07-09 7.5
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument.
CVE-2014-0766 1 Advantech 1 Advantech Webaccess 2015-07-09 7.5
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument.
CVE-2014-0767 1 Advantech 1 Advantech Webaccess 2015-07-09 7.5
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument.