Filtered by vendor Advantech Subscriptions
Total 301 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-10638 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
CVE-2020-10631 1 Advantech 1 Webaccess\/nms 2024-11-21 9.8 Critical
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
CVE-2020-10629 1 Advantech 1 Webaccess\/nms 2024-11-21 7.5 High
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.
CVE-2020-10625 1 Advantech 1 Webaccess\/nms 2024-11-21 9.8 Critical
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
CVE-2020-10623 1 Advantech 1 Webaccess\/nms 2024-11-21 6.5 Medium
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
CVE-2020-10621 1 Advantech 1 Webaccess\/nms 2024-11-21 9.8 Critical
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
CVE-2020-10619 1 Advantech 1 Webaccess\/nms 2024-11-21 9.1 Critical
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
CVE-2020-10617 1 Advantech 1 Webaccess\/nms 2024-11-21 7.5 High
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
CVE-2020-10607 1 Advantech 1 Webaccess 2024-11-21 8.8 High
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVE-2020-10603 1 Advantech 1 Webaccess\/nms 2024-11-21 8.8 High
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
CVE-2019-6554 1 Advantech 1 Webaccess 2024-11-21 7.5 High
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
CVE-2019-6552 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
CVE-2019-6550 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
CVE-2019-6523 1 Advantech 1 Webaccess\/scada 2024-11-21 N/A
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
CVE-2019-6521 1 Advantech 1 Webaccess\/scada 2024-11-21 N/A
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
CVE-2019-6519 1 Advantech 1 Webaccess\/scada 2024-11-21 N/A
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
CVE-2019-3975 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
CVE-2019-3954 1 Advantech 1 Webaccess 2024-11-21 N/A
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
CVE-2019-3953 1 Advantech 1 Webaccess 2024-11-21 N/A
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
CVE-2019-3951 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.