Filtered by vendor Advantech
Subscriptions
Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-18999 | 2 Advantech, Microsoft | 2 Webaccess\/scada, Windows Server 2008 | 2024-08-05 | 7.3 High |
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. | ||||
CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | ||||
CVE-2018-17910 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. | ||||
CVE-2018-6911 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | ||||
CVE-2018-5443 | 1 Advantech | 1 Webaccess\/scada | 2024-08-05 | N/A |
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. | ||||
CVE-2018-5445 | 1 Advantech | 1 Webaccess\/scada | 2024-08-05 | N/A |
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | ||||
CVE-2019-18257 | 1 Advantech | 1 Diaganywhere | 2024-08-05 | 9.8 Critical |
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server. | ||||
CVE-2019-18227 | 1 Advantech | 1 Wise-paas\/rmm | 2024-08-05 | 7.5 High |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. | ||||
CVE-2019-18233 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-08-05 | 6.1 Medium |
In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | ||||
CVE-2019-18235 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-08-05 | 9.8 Critical |
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. | ||||
CVE-2019-18231 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-08-05 | 7.5 High |
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request. | ||||
CVE-2019-18229 | 1 Advantech | 1 Wise-paas\/rmm | 2024-08-05 | 6.5 Medium |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. | ||||
CVE-2019-16899 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-08-05 | 7.5 High |
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | ||||
CVE-2019-16900 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-08-05 | 7.5 High |
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | ||||
CVE-2019-16901 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-08-05 | 7.5 High |
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | ||||
CVE-2019-13550 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. | ||||
CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | ||||
CVE-2019-13556 | 1 Advantech | 1 Webaccess | 2024-08-04 | 8.8 High |
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | ||||
CVE-2019-13547 | 1 Advantech | 1 Wise-paas\/rmm | 2024-08-04 | 9.8 Critical |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. | ||||
CVE-2019-13551 | 1 Advantech | 1 Wise-paas\/rmm | 2024-08-04 | 9.8 Critical |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. |