2696 matches found
CVE-2020-10617
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS versions prior to 3.0.2 to gain access to sensitive information...
CVE-2020-10619
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's versions prior to 3.0.2 control...
CVE-2020-10603
WebAccess/NMS versions prior to 3.0.2 does not properly sanitize user input and may allow an attacker to inject system commands remotely...
CVE-2020-10621
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS versions prior to 3.0.2...
CVE-2020-10638
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution...
CVE-2020-10629
WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...
CVE-2020-10625
WebAccess/NMS versions prior to 3.0.2 allows an unauthenticated remote user to create a new admin account...
CVE-2020-10607
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution...
CVE-2019-16901
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4...
CVE-2019-16899
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PMV3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918...
CVE-2019-16900
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c...
Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11781)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A directory traversal vulnerability exists in...
Advantech WebAccess/SCADA SQL Injection Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...
Advantech WebAccess/SCADA Directory Traversal Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...
Advantech WebAccess/SCADA Directory Traversal Vulnerability (CNVD-2026-11783)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. Advantech WebAccess/SCADA suffers from a...
Advantech WebAccess/SCADA Code Issue Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...
CVE-2025-14848
Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files...
CVE-2025-14850
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files...
CVE-2025-46268
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...
CVE-2025-14849
Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code...