Lucene search
K

1697 matches found

BDU FSTEC
BDU FSTEC
added 2023/09/12 12:0 a.m.3 views

The vulnerability of the software-based remote monitoring system Advantech WebAccess allows a intruder to gain access to the file system, re-write files, and execute commands.

The vulnerability of the software-based remote monitoring system Advantech WebAccess relates to the use of an untrusted pointer. Exploiting this vulnerability could allow a malicious actor to gain access to the file system, potentially enabling them to overwrite files and execute commands...

10CVSS7.8AI score0.02798EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/08/02 11:15 p.m.13 views

Design/Logic Flaw

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

7.5CVSS9.8AI score0.02798EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/02 10:30 p.m.46 views

CVE-2023-1437 CVE-2023-1437

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute...

9.8CVSS10AI score0.02798EPSS
Exploits0References1
CVE
CVE
added 2023/08/02 10:30 p.m.45 views

CVE-2023-1437

Advantech WebAccess/SCADA (all versions prior to 9.1.4) is affected by CVE-2023-1437 due to untrusted pointer handling in RPC arguments, enabling a remote attacker to access the remote file system and potentially execute commands or overwrite files. The root cause is untrusted pointers dereferenc...

9.8CVSS9.9AI score0.02798EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/26 12:0 a.m.5 views

The vulnerability of the Advantech WebAccess remote monitoring software lies in its insufficient verification of data authenticity, allowing a intruder to execute arbitrary code.

The vulnerability of Advantech WebAccess remote monitoring software is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...

7.8CVSS7.6AI score0.00142EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/15 12:0 a.m.3 views

PT-2023-4939 · Advantech · Webaccess/Scada

Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/SCADA versions prior to 9.1.4 Description: The issue is related to the use of untrusted pointers in the software. Specifically, the RPC arguments sent by the client could contain raw memory pointers that the server uses...

9.8CVSS9.6AI score0.02798EPSS
Exploits0References7
ICS
ICS
added 2023/06/15 6:0 a.m.31 views

Advantech WebAccess/SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker gaining remote file system...

9.8CVSS10AI score0.02798EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/06/09 12:0 a.m.5 views

The vulnerability of the Advantech WebAccss/SCADA SCADA system, related to the unlimited loading of dangerous type files, allows a intruder to execute arbitrary code.

The vulnerability of the Advantech WebAccss/SCADA SCADA system is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.3CVSS7.5AI score0.0083EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/07 9:15 p.m.3 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

7.8CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/07 8:12 p.m.11 views

CVE-2023-2866 Advantech WebAccess Insufficient Type Distinction

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server...

7.3CVSS6.7AI score0.00142EPSS
Exploits0References1
CNVD
CNVD
added 2023/06/07 12:0 a.m.8 views

Advantech WebAccess/SCADA Arbitrary File Upload Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An arbitrary file upload vulnerability exists i...

7.2CVSS7.3AI score0.0083EPSS
Exploits0References1
CNVD
CNVD
added 2023/06/07 12:0 a.m.4 views

Advantech WebAccess/SCADA Arbitrary File Overwrite Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An arbitrary file overwrite vulnerability exist...

9.8CVSS7.5AI score0.00898EPSS
Exploits0References1
CNVD
CNVD
added 2023/06/07 12:0 a.m.6 views

Advantech WebAccess/SCADA Arbitrary File Upload Vulnerability (CNVD-2024-15541)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An arbitrary file upload vulnerability exists i...

9.8CVSS7.6AI score0.00713EPSS
Exploits0References1
OSV
OSV
added 2023/06/06 12:15 a.m.4 views

CVE-2023-32540

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system including system files, inject code into an XLS file, and modify the file extension, which could lead to arbitrary code...

9.8CVSS5.9AI score0.00898EPSS
Exploits0References1
OSV
OSV
added 2023/06/06 12:15 a.m.3 views

CVE-2023-32628

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution...

9.8CVSS6.1AI score0.00713EPSS
Exploits0References1
Prion
Prion
added 2023/06/06 12:15 a.m.13 views

Design/Logic Flaw

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution...

7.5CVSS9.7AI score0.00713EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/06/06 12:15 a.m.13 views

Design/Logic Flaw

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system including system files, inject code into an XLS file, and modify the file extension, which could lead to arbitrary code...

7.5CVSS9.6AI score0.00898EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/05 11:16 p.m.7 views

CVE-2023-32540

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system including system files, inject code into an XLS file, and modify the file extension, which could lead to arbitrary code...

7.2CVSS7.3AI score0.00898EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/05 11:14 p.m.17 views

CVE-2023-32628

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution...

7.2CVSS9.8AI score0.00713EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/05 11:14 p.m.6 views

CVE-2023-32628

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution...

7.2CVSS7.5AI score0.00713EPSS
Exploits0References1
Rows per page
Query Builder