Filtered by vendor Advantech
Subscriptions
Filtered by product Webaccess
Subscriptions
Total
103 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12706 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | ||||
| CVE-2017-12702 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2017-7929 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | ||||
| CVE-2017-5154 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. | ||||
| CVE-2017-5152 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). | ||||
| CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | ||||
| CVE-2018-17910 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. | ||||
| CVE-2018-6911 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
| The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | ||||
| CVE-2019-13550 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
| In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. | ||||
| CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
| In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | ||||
| CVE-2019-13556 | 1 Advantech | 1 Webaccess | 2024-08-04 | 8.8 High |
| In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | ||||
| CVE-2019-13552 | 1 Advantech | 1 Webaccess | 2024-08-04 | 8.8 High |
| In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | ||||
| CVE-2019-10985 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.1 Critical |
| In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | ||||
| CVE-2019-10987 | 1 Advantech | 1 Webaccess | 2024-08-04 | 8.8 High |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | ||||
| CVE-2019-10993 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | ||||
| CVE-2019-10989 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. | ||||
| CVE-2019-10991 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
| In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | ||||
| CVE-2019-10983 | 1 Advantech | 1 Webaccess | 2024-08-04 | 7.5 High |
| In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. | ||||
| CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | ||||
| CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-08-04 | 7.5 High |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | ||||