1697 matches found
CVE-2020-13550
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability...
CVE-2020-13552
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to...
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection', 'Description' = %q This module exploits a SQL injecti...
Advantech WebAccess 8.1 Post Authentication Credential Collector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Advantech WebAccess 8.1 Post Authentication Credential Collector", 'Description' = %q This module allows you to log into Advantech WebAccess 8.1,...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...
CVE-2024-2453
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database...
CVE-2024-2453 Advantech WebAccess/SCADA SQL Injection
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on March 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-081-01 Advantech WebAccess/SCADA CISA encourages users and administrators to review the...
Advantech WebAccess/SCADA SQL注入漏洞
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation devices. A SQL injection vulnerability exists in Advantech...
PT-2024-2354 · Advantech · Advantech Webaccess/Scada
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA affected versions not specified Description: The issue is related to a lack of protection against SQL query structure attacks, allowing a remote attacker to execute arbitrary SQL queries on the database. This can...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of protection for operational data, which allows a intruder to disclose the protected information.
The vulnerability of Advantech WebAccess remote monitoring software lies in the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
CVE-2023-4215
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...
CVE-2023-4215
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...
Design/Logic Flaw
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...
Advantech WebAccess Information Disclosure Vulnerability (CNVD-2024-07863)
Advantech WebAccess is a set of HMI/SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An information disclosure vulnerability exists in...
CVE-2023-4215 Advantech WebAccess Debug Messages Revealing Unnecessary Information
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...
PT-2023-6372 · Advantech · Advantech Webaccess
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess version 9.1.3 Description: The issue is related to an exposure of sensitive information to an unauthorized actor, which could lead to the leakage of user credentials. This is due to a lack of protection for service data...
Advantech WebAccess 信息泄露漏洞
Advantech WebAccess is a set of HMI/SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An information disclosure vulnerability exists in...
CISA Releases Nineteen Industrial Control Systems Advisories
CISA released nineteen Industrial Control Systems ICS advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-285-01 Siemens SIMATIC CP products ICSA-23-285-02 Siemens SCALANCE W1750D...
Advantech WebAccess
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Advantech Equipment : WebAccess Vulnerability : Debug Messages Revealing Unnecessary Information 2. RISK EVALUATION Successful exploitation of this vulnerability could leak user credentials...