Lucene search
K

1697 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 1:43 p.m.10 views

CVE-2020-13550

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability...

7.7CVSS6AI score0.03488EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 1:42 p.m.7 views

CVE-2020-13552

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to...

8.8CVSS7.3AI score0.00504EPSS
Exploits1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.151 views

Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection', 'Description' = %q This module exploits a SQL injecti...

7.5CVSS7AI score0.1903EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.184 views

Advantech WebAccess 8.1 Post Authentication Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Advantech WebAccess 8.1 Post Authentication Credential Collector", 'Description' = %q This module allows you to log into Advantech WebAccess 8.1,...

9.8CVSS7AI score0.15356EPSS
Exploits3
BDU FSTEC
BDU FSTEC
added 2024/03/26 12:0 a.m.4 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures, allowing attackers to execute arbitrary SQL queries against the database.

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...

6.4CVSS6AI score0.003EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/03/21 11:15 p.m.26 views

CVE-2024-2453

There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database...

6.4CVSS6.6AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/21 10:39 p.m.27 views

CVE-2024-2453 Advantech WebAccess/SCADA SQL Injection

There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database...

6.4CVSS6.8AI score0.003EPSS
Exploits0References1
CISA
CISA
added 2024/03/21 12:0 p.m.5 views

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on March 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-081-01 Advantech WebAccess/SCADA CISA encourages users and administrators to review the...

7AI score
Exploits0References1
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.2 views

Advantech WebAccess/SCADA SQL注入漏洞

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation devices. A SQL injection vulnerability exists in Advantech...

6.4CVSS7.8AI score0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.4 views

PT-2024-2354 · Advantech · Advantech Webaccess/Scada

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA affected versions not specified Description: The issue is related to a lack of protection against SQL query structure attacks, allowing a remote attacker to execute arbitrary SQL queries on the database. This can...

6.4CVSS7.7AI score0.003EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2023/10/25 12:0 a.m.6 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in the lack of protection for operational data, which allows a intruder to disclose the protected information.

The vulnerability of Advantech WebAccess remote monitoring software lies in the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

7.8CVSS7.2AI score0.00465EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/10/17 12:15 a.m.13 views

CVE-2023-4215

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...

7.5CVSS6.7AI score0.00465EPSS
Exploits0References1
OSV
OSV
added 2023/10/17 12:15 a.m.6 views

CVE-2023-4215

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...

7.5CVSS5.8AI score0.00465EPSS
Exploits0References1
Prion
Prion
added 2023/10/17 12:15 a.m.19 views

Design/Logic Flaw

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...

5CVSS7.2AI score0.00465EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2023/10/17 12:0 a.m.6 views

Advantech WebAccess Information Disclosure Vulnerability (CNVD-2024-07863)

Advantech WebAccess is a set of HMI/SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An information disclosure vulnerability exists in...

7.5CVSS6.3AI score0.00465EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/16 11:40 p.m.11 views

CVE-2023-4215 Advantech WebAccess Debug Messages Revealing Unnecessary Information

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials...

6.5CVSS6.6AI score0.00465EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.3 views

PT-2023-6372 · Advantech · Advantech Webaccess

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess version 9.1.3 Description: The issue is related to an exposure of sensitive information to an unauthorized actor, which could lead to the leakage of user credentials. This is due to a lack of protection for service data...

7.8CVSS6.9AI score0.00465EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/10/13 12:0 a.m.4 views

Advantech WebAccess 信息泄露漏洞

Advantech WebAccess is a set of HMI/SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An information disclosure vulnerability exists in...

7.5CVSS6.2AI score0.00465EPSS
Exploits0References4
CISA
CISA
added 2023/10/12 12:0 p.m.4 views

CISA Releases Nineteen Industrial Control Systems Advisories

CISA released nineteen Industrial Control Systems ICS advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-285-01 Siemens SIMATIC CP products ICSA-23-285-02 Siemens SCALANCE W1750D...

6.9AI score
Exploits0References19
ICS
ICS
added 2023/10/12 6:0 a.m.24 views

Advantech WebAccess

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Advantech Equipment : WebAccess Vulnerability : Debug Messages Revealing Unnecessary Information 2. RISK EVALUATION Successful exploitation of this vulnerability could leak user credentials...

7.5CVSS7.2AI score0.00465EPSS
Exploits0References10
Rows per page
Query Builder