Vulnerabilities (CVE)

Vendor filter

Advantech Subscribe

Filter

143 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-6550 1 Advantech 1 Webaccess 2019-07-02 N/A
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
CVE-2019-10993 1 Advantech 1 Webaccess 2019-07-02 7.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
CVE-2019-10991 1 Advantech 1 Webaccess 2019-07-02 7.5
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10989 1 Advantech 1 Webaccess 2019-07-02 7.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution....
CVE-2019-10987 1 Advantech 1 Webaccess 2019-07-02 6.8
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10985 1 Advantech 1 Webaccess 2019-07-02 6.4
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while...
CVE-2019-10983 1 Advantech 1 Webaccess 2019-07-02 5.0
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.
CVE-2019-3954 1 Advantech 1 Webaccess 2019-06-19 7.5
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
CVE-2019-3953 1 Advantech 1 Webaccess 2019-06-19 7.5
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
CVE-2019-3941 1 Advantech 1 Webaccess 2019-05-06 6.4
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
CVE-2019-3940 1 Advantech 1 Webaccess 2019-04-10 7.5
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
CVE-2019-6519 1 Advantech 1 Webaccess%2fscada 2019-02-06 7.5
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
CVE-2019-6521 1 Advantech 1 Webaccess%2fscada 2019-02-06 7.5
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
CVE-2019-6523 1 Advantech 1 Webaccess%2fscada 2019-02-06 7.5
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
CVE-2018-15706 1 Advantech 1 Webaccess 2019-01-30 6.8
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
CVE-2018-18999 1 Advantech 1 Webaccess%2fscada 2019-01-11 7.5
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
CVE-2018-15705 1 Advantech 1 Webaccess 2018-12-12 8.5
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability...
CVE-2018-15707 1 Advantech 1 Webaccess 2018-12-12 3.5
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
CVE-2018-17908 1 Advantech 1 Webaccess 2018-12-06 7.2
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.
CVE-2018-17910 1 Advantech 1 Webaccess 2018-12-06 9.3
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.