Filtered by vendor Advantech
Subscriptions
Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-15705 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | ||||
CVE-2018-7503 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. | ||||
CVE-2022-2142 | 1 Advantech | 1 Iview | 2024-09-16 | 8.1 High |
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | ||||
CVE-2018-8841 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. | ||||
CVE-2023-5642 | 1 Advantech | 1 R-seenet | 2024-09-13 | 9.8 Critical |
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | ||||
CVE-2011-4523 | 1 Advantech | 1 Advantech Webaccess | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
CVE-2011-4525 | 1 Advantech | 1 Advantech Webaccess | 2024-08-07 | N/A |
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. | ||||
CVE-2011-4521 | 1 Advantech | 1 Advantech Webaccess | 2024-08-07 | N/A |
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. | ||||
CVE-2011-4526 | 1 Advantech | 1 Advantech Webaccess | 2024-08-07 | N/A |
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. | ||||
CVE-2011-4522 | 1 Advantech | 1 Advantech Webaccess | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
CVE-2011-4524 | 1 Advantech | 1 Advantech Webaccess | 2024-08-07 | N/A |
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. | ||||
CVE-2011-0488 | 2 Advantech, Indusoft | 2 Advantech Studio, Web Studio | 2024-08-06 | N/A |
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. | ||||
CVE-2011-0340 | 2 Advantech, Indusoft | 3 Advantech Studio, Thin Client, Web Studio | 2024-08-06 | N/A |
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. | ||||
CVE-2012-0243 | 1 Advantech | 1 Advantech Webaccess | 2024-08-06 | N/A |
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. | ||||
CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2024-08-06 | N/A |
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2012-0241 | 1 Advantech | 1 Advantech Webaccess | 2024-08-06 | N/A |
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. | ||||
CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2024-08-06 | N/A |
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | ||||
CVE-2012-0237 | 1 Advantech | 1 Advantech Webaccess | 2024-08-06 | N/A |
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. | ||||
CVE-2012-0239 | 1 Advantech | 1 Advantech Webaccess | 2024-08-06 | N/A |
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | ||||
CVE-2012-0234 | 1 Advantech | 1 Advantech Webaccess | 2024-08-06 | N/A |
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. |