Filtered by vendor Advantech Subscriptions
Total 301 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-10989 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991.
CVE-2019-10987 1 Advantech 1 Webaccess 2024-11-21 8.8 High
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-10985 1 Advantech 1 Webaccess 2024-11-21 9.1 Critical
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
CVE-2019-10983 1 Advantech 1 Webaccess 2024-11-21 7.5 High
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.
CVE-2019-10961 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 8.8 High
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.
CVE-2018-8845 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 9.8 Critical
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-8841 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 N/A
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
CVE-2018-8837 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 N/A
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
CVE-2018-8835 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 N/A
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVE-2018-8833 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 7.8 High
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVE-2018-7505 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 N/A
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
CVE-2018-7503 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 N/A
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
CVE-2018-7501 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 N/A
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
CVE-2018-7499 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 9.8 Critical
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-7497 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 N/A
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
CVE-2018-7495 1 Advantech 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more 2024-11-21 N/A
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
CVE-2018-6911 1 Advantech 1 Webaccess 2024-11-21 N/A
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
CVE-2018-5445 1 Advantech 1 Webaccess\/scada 2024-11-21 N/A
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
CVE-2018-5443 1 Advantech 1 Webaccess\/scada 2024-11-21 N/A
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
CVE-2018-18999 2 Advantech, Microsoft 2 Webaccess\/scada, Windows Server 2008 2024-11-21 7.3 High
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.