Filtered by vendor Advantech
Subscriptions
Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-8845 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-17 | 9.8 Critical |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. | ||||
CVE-2022-2139 | 1 Advantech | 1 Iview | 2024-09-17 | 6.5 Medium |
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | ||||
CVE-2021-33023 | 1 Advantech | 1 Webaccess | 2024-09-17 | 9.8 Critical |
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | ||||
CVE-2013-1627 | 2 Advantech, Indusoft | 2 Advantech Studio, Web Studio | 2024-09-17 | N/A |
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. | ||||
CVE-2018-7495 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-17 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. | ||||
CVE-2018-15706 | 1 Advantech | 1 Webaccess | 2024-09-17 | N/A |
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | ||||
CVE-2018-14816 | 1 Advantech | 1 Webaccess | 2024-09-17 | 9.8 Critical |
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | ||||
CVE-2017-5175 | 1 Advantech | 1 Webaccess | 2024-09-17 | N/A |
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | ||||
CVE-2018-7497 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-17 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | ||||
CVE-2012-1234 | 1 Advantech | 1 Advantech Webaccess | 2024-09-17 | N/A |
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | ||||
CVE-2018-10589 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-17 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. | ||||
CVE-2018-8835 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-09-17 | N/A |
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||||
CVE-2018-8833 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-09-17 | 7.8 High |
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||||
CVE-2022-2138 | 1 Advantech | 1 Iview | 2024-09-17 | 8.2 High |
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. | ||||
CVE-2022-2137 | 1 Advantech | 1 Iview | 2024-09-17 | 4.9 Medium |
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information | ||||
CVE-2021-42703 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-09-17 | 5.4 Medium |
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | ||||
CVE-2012-1235 | 1 Advantech | 1 Advantech Webaccess | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | ||||
CVE-2022-2135 | 1 Advantech | 1 Iview | 2024-09-16 | 7.5 High |
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. | ||||
CVE-2022-2136 | 1 Advantech | 1 Iview | 2024-09-16 | 8.8 High |
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | ||||
CVE-2018-8837 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-09-16 | N/A |
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. |