Lucene search
+L

52 matches found

ICS
ICS
added 2021/08/17 12:0 a.m.79 views

Advantech WebAccess/NMS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/NMS Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the exposure of resources or functionality and...

5.3CVSS5.6AI score0.0089EPSS
Exploits0References5
Zero Day Initiative
Zero Day Initiative
added 2021/07/19 12:0 a.m.32 views

(0Day) Advantech WebAccess/NMS DashBoardAction Missing Authentication Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the DashBoardAction endpoint of the web server. The...

5.3CVSS1.8AI score0.0089EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.14 views

Advantech WebAccess/NMS addLinkMonitor SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the addLinkMonitor method of the...

7.5CVSS2.5AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.20 views

Advantech WebAccess/NMS searchDevice SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the searchDevice.action endpoint. When parsin...

7.5CVSS2.1AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.19 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getModelIdByModelName method of the DBUti...

7.5CVSS3.1AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.24 views

Advantech WebAccess/NMS download.jsp Directory Traversal Information Disclosure and Denial-of-Service Vulnerability

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the download.jsp...

9.1CVSS2.5AI score0.01484EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.12 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateClearedEventlogByID method of the...

7.5CVSS2.6AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.15 views

Advantech WebAccess/NMS saveBackground Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the saveBackground.action endpoint. When parsing the...

9.8CVSS5.7AI score0.0159EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/08 12:0 a.m.4 views

Advantech WebAccess/NMS Path Traversal Vulnerability

Advantech WebAccess/NMS is a web browser based software suite for Network Management Systems NMS. A path traversal vulnerability exists in Advantech WebAccess/NMS versions prior to 3.0.2, which can be exploited by an attacker with a specially crafted URL to delete files beyond the control of the...

9.1CVSS6.8AI score0.14327EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.15 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDeviceName method of the DBUtil class...

7.5CVSS2.2AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.21 views

Advantech WebAccess/NMS extProgramAction Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the extProgramAction.action endpoint. When parsing th...

9.8CVSS5.4AI score0.0159EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.26 views

Advantech WebAccess/NMS getFWUpgradeInfo SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processi...

6.5CVSS1.9AI score0.00922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.22 views

Advantech WebAccess/NMS setDevicechoose SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processi...

6.5CVSS2.1AI score0.00922EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.18 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getManagedDeviceByIP method of the DBUtil...

7.5CVSS1.8AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.19 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the deleteLinkMonitor method of the DBUtil...

7.5CVSS2.9AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.19 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the CheckCfgtasknamemodify method of the DBUt...

7.5CVSS2.9AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.28 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the setTaskdevice method of the DBUtil class...

7.5CVSS2.6AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.16 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDeviceOidStr method of the DBUtil clas...

7.5CVSS1.1AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.16 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getDevices method of the DBUtil class. Wh...

7.5CVSS2.7AI score0.01263EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/04/08 12:0 a.m.20 views

Advantech WebAccess/NMS DBUtil SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/NMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the CheckEmsnamemodify method of the DBUtil...

7.5CVSS2.9AI score0.01263EPSS
Exploits0References1
Rows per page
Query Builder