Filtered by vendor Advantech
Subscriptions
Filtered by product Webaccess\/scada
Subscriptions
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-32628 | 1 Advantech | 1 Webaccess\/scada | 2024-08-02 | 7.2 High |
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | ||||
CVE-2023-32540 | 1 Advantech | 1 Webaccess\/scada | 2024-08-02 | 7.2 High |
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | ||||
CVE-2023-22450 | 1 Advantech | 1 Webaccess\/scada | 2024-08-02 | 7.2 High |
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | ||||
CVE-2023-1437 | 1 Advantech | 1 Webaccess\/scada | 2024-08-02 | 9.8 Critical |
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. |