Filtered by vendor Advantech
Subscriptions
Total
301 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | ||||
CVE-2020-10631 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.8 Critical |
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
CVE-2020-10629 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 7.5 High |
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. | ||||
CVE-2020-10625 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.8 Critical |
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | ||||
CVE-2020-10623 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 6.5 Medium |
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.8 Critical |
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | ||||
CVE-2020-10619 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.1 Critical |
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 7.5 High |
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2024-11-21 | 8.8 High |
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | ||||
CVE-2020-10603 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 8.8 High |
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | ||||
CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 High |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | ||||
CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | ||||
CVE-2019-6550 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | ||||
CVE-2019-6523 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | ||||
CVE-2019-6521 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | ||||
CVE-2019-6519 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | ||||
CVE-2019-3975 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | ||||
CVE-2019-3954 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. | ||||
CVE-2019-3953 | 1 Advantech | 1 Webaccess | 2024-11-21 | N/A |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | ||||
CVE-2019-3951 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. |