103 matches found
CVE-2019-13558
The CVE-2019-13558 vulnerability affects Advantech WebAccess (versions 8.4.1 and earlier). Root cause: improper control of generation of code (code injection) that can be triggered over the network, potentially allowing remote code execution, data exfiltration, or a system crash. The primary affe...
CVE-2019-13556
Advantech WebAccess (versions 8.4.1 and earlier) contains stack-based buffer overflow vulnerabilities in multiple components (e.g., giffconv.exe, cnvlgxtag.exe, bwrunrpt.exe) caused by improper validation of the length of user-supplied data. Exploitation can lead to remote code execution with Adm...
CVE-2019-13552
Advantech WebAccess (version 8.4.1 and earlier) contains multiple command-injection vulnerabilities due to improper validation of user-supplied data, impacting the WebAccess Node and related components. The CVE-2019-13552 entry specifically covers command injection that can lead to arbitrary file...
CVE-2020-10607
CVE-2020-10607 affects Advantech WebAccess (versions 8.4.2 and earlier). It is a stack-based buffer overflow caused by inadequate validation of the length of user-supplied data, enabling remote code execution. Public sources in the connected set confirm the affected product (WebAccess), the vulne...
CVE-2019-3954
CVE-2019-3954 affects Advantech WebAccess/SCADA 8.4.0. The vulnerability is a stack-based buffer overflow in the product that can be triggered remotely by an unauthenticated attacker through a crafted IOCTL 81024 RPC call, allowing arbitrary code execution. Multiple sources (NVD, Red Hat advisory...
CVE-2019-13550
Affected product: Advantech WebAccess (HMI/SCADA platform). The issue is CVE-2019-13550: improper authorization in WebAccess 8.4.1 and earlier that may allow an attacker to disclose sensitive information and, via improper control of generation of code, potentially enable remote code execution or ...
CVE-2016-0856
CVE-2016-0856 affects Advantech WebAccess (pre-8.1). The root cause is a stack-based buffer overflow in the bwconn.dll RpcWebClientConnect path (IoRequest structure) that can be triggered remotely to execute arbitrary code. Public PoCs and PoC-style repositories on Gitee describe a Python/ctypes-...
CVE-2019-10993
CVE-2019-10993 corresponds to multiple untrusted pointer dereference vulnerabilities in Advantech WebAccess/SCADA environments (and WebAccess Node viewsrv) that permit remote code execution. The connected ZDI advisories describe specific 0x27xx IOCTL/0x27E? interfaces in the webvrpcs process wher...
CVE-2019-3953
CVE-2019-3953 affects Advantech WebAccess/SCADA 8.4.0. A stack-based buffer overflow exists when handling IOCTL 10012 RPC calls, allowing a remote, unauthenticated attacker to execute arbitrary code. The entry is corroborated by multiple sources (NVD and national/national vulnerability databases)...
CVE-2017-14016
CVE-2017-14016 affects Advantech WebAccess prior to version V8.2_20170817 . The vulnerability is a stack-based buffer overflow in the Webvrpcs DCERPC service (opcode 80061) caused by insufficient validation of user-supplied data length before copying to a stack buffer, enabling remote code execut...
CVE-2019-10991
Insight: CVE-2019-10991 corresponds to a stack-based buffer overflow in Advantech WebAccess/SCADA (and related WebAccess products) prior to version 8.3.6 where user-supplied data length is not properly validated before copying into a fixed-size buffer, enabling remote code execution. Connected ad...
CVE-2016-0857
CVE-2016-0857 maps to multiple heap-based buffer overflow issues in Advantech WebAccess prior to 8.1. Technical details in connected advisories specify vulnerable components and paths, including a heap-overflow in the BwpAlarm subsystem (BwpAlarm.dll) via a strcpy-based overflow, and related heap...
CVE-2017-16720
CVE-2017-16720 affects Advantech WebAccess, prior to version 8.3. The issue is a directory traversal vulnerability (improper input validation) in WebAccess that could allow an attacker to access files outside the intended directory, with potential remote code execution depending on the exposure. ...
CVE-2019-10989
Technical details for CVE-2019-10989 are not publicly available in the provided documents. Monitor for updates to affected product versions and mitigations.
CVE-2018-15705
Summary: CVE-2018-15705 is a directory traversal vulnerability in Advantech WebAccess WADashboard API (writeFile) that allows remote authenticated attackers to write/overwrite arbitrary files and potentially execute arbitrary code. Affected versions include 8.3.1 and 8.3.2. The root cause is inad...
CVE-2019-10987
Summary of CVE-2019-10987 : The vulnerability affects Advantech WebAccess/SCADA (and related WebAccess Node components) prior to version 8.4.1, specifically in the webvrpcs/bwdraw components. It is caused by insufficient validation of the length of user-supplied data, leading to out-of-bounds wri...
CVE-2019-6550
Advantech WebAccess/SCADA CVE-2019-6550 affects version 8.3.5 and earlier, with multiple stack-based buffer overflow vulnerabilities caused by insufficient validation of user-supplied data length. Exploitation can lead to remote code execution. Documented vulnerable components include various exe...
CVE-2017-12713
Advantech WebAccess before version V8.2_20170817 is affected by CVE-2017-12713: Incorrect Permission Assignment for Critical Resource, where non-administrator accounts can modify multiple files/folders with ACLs that affect other users. This is a local-privilege-escalation issue rooted in access ...
CVE-2017-16716
Advantech WebAccess prior to version 8.3 is affected by a SQL Injection vulnerability (CVE-2017-16716) caused by inadequate input sanitization. A remote attacker could exploit this to execute arbitrary code in the WebAccess service. Public PoCs and advisories (ZDI-18-065, Exploit-DB listing) desc...
CVE-2018-15707
Advantech WebAccess 8.3.1/8.3.2 are affected by a Bwmainleft.asp cross-site scripting vulnerability (CVE-2018-15707). The XSS can disclose credentials among other data. Connected sources include exploit listings and writeups illustrating the vulnerability and, in at least one reference, that user...
CVE-2019-10983
CVE-2019-10983 affects Advantech WebAccess/SCADA versions 8.3.5 and earlier, with an out-of-bounds read in viewsrv.dll caused by improper validation of user-supplied data. This can disclose information. The ZDI advisory (ZDI-19-621) and related sources describe the vulnerability and indicate reme...
CVE-2019-10985
Advantech WebAccess/SCADA — CVE-2019-10985 affects versions 8.3.5 and earlier. Root cause: path traversal due to insufficient validation of a user-supplied path before file operations, enabling an attacker to delete files (as Administrator). Connected sources indicate remote exploitation potentia...
CVE-2019-6554
CVE-2019-6554 affects Advantech WebAccess/SCADA prior to 8.4.0. It is an improper access control vulnerability that may allow a remote attacker to cause a denial-of-service by abusing a command invocation path. The ZDI advisory details a flaw in UninstallWA.exe exposed via the 0x2711 IOCTL in the...
CVE-2019-3975
Advantech WebAccess/SCADA 8.4.1 is affected by CVE-2019-3975 due to a stack-based buffer overflow in the webvprcs/IOCTL 70603 RPC handling, enabling a remote, unauthenticated attacker to execute arbitrary code. This is confirmed across multiple sources (Red Hat advisory, CNVD, NVD entry) with imp...
CVE-2020-10638
Advantech WebAccess Node (versions 8.4.4 and prior, 9.0.0) contains multiple heap-based buffer overflow vulnerabilities caused by improper validation of the length of user-supplied data, enabling remote code execution. Public disclosures detail several IOCTL-based flaws in WebAccess/SCADA compone...
CVE-2017-12717
Technical details about CVE-2017-12717 are not provided in the connected documents. The initial description notes an uncontrolled search path element in Advantech WebAccess before V8.2_20170817, but no further details are available here. Monitor for updates.
CVE-2017-16728
CVE-2017-16728 concerns Advantech WebAccess before 8.3, where an untrusted pointer dereference in the webvrpcs/drawsrv components can cause invalid memory dereference. Public sources describe potential crashes and, in ZDI advisories, remote code execution scenarios without authentication via IOCT...
CVE-2018-7499
Advantech WebAccess family (WebAccess, WebAccess Dashboard, Scada Node, NMS) contains stack-based buffer overflow vulnerabilities in multiple components, enabling remote code execution. The CVE entry cites several affected versions up to specific builds and describes unchecked data copying into s...
CVE-2014-8388
Advantech WebAccess/ Webeye ActiveX control (webeye.ocx) is affected by a stack-based buffer overflow in the ip_address parameter parsing. The vulnerability arises from insufficient input validation within the ActiveX control, allowing a remote attacker to supply a crafted HTML document to trigge...
CVE-2016-0860
CVE-2016-0860 describes a buffer overflow in the BwpAlarm subsystem of Advantech WebAccess prior to 8.1, allowing remote attackers to cause a denial of service via a crafted RPC request. Public docs confirm the affected product (Advantech WebAccess), version before 8.1, and remote-execution/DoS r...
CVE-2018-6911
The CVE-2018-6911 entry concerns Advantech WebAccess 8.3.0, where the VBWinExec function in Node\AspVBObj.dll can be triggered remotely to execute arbitrary OS commands via a single argument. This is a remote code execution flaw rooted in the VBWinExec interface and its handling of the command pa...
CVE-2014-9208
CVE-2014-9208 affects Advantech WebAccess/SCADA, involving multiple stack-based buffer overflows in ASPVCObj ActiveX controls (AspDataDriven/UpdateProject) that can be exploited remotely via crafted web pages to achieve code execution in the context of the logged-in user. Technical details in con...
CVE-2016-0855
CVE-2016-0855 concerns Advantech WebAccess (pre-8.1). The vulnerability is a directory traversal in the WebAccess Dashboard/Viewer that could allow remote attackers to list arbitrary files in a virtual directory via unspecified vectors. Public references from ZDI describe related dashboard viewer...
CVE-2020-12014
Advantech WebAccess Node (versions 8.4.4 and prior, 9.0.0) is affected by CVE-2020-12014: SQL injection due to improper input sanitization in BwWebSvc/SQL query construction. The Red Hat and NVD entries confirm the issue in WebAccess Node. Impact noted as potential credential disclosure and infor...
CVE-2015-3948
Summary : CVE-2015-3948 is a cross-site scripting (XSS) vulnerability in Advantech WebAccess prior to 8.1. The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. According to NVD, the CVSS base score (v3) is 5.4 (Medium) with network access, lo...
CVE-2018-17910
Advantech WebAccess is affected by CVE-2018-17910 through a stack-based buffer overflow in the WebAccess Client component. The root cause is improper validation of the length of user-supplied data, leading to a stack-based overflow in bwswfcfg.exe accessed via 0x2711 IOCTL in the webvrpcs process...
CVE-2020-12022
CVE-2020-12022 affects Advantech WebAccess Node versions 8.4.4 and prior, and 9.0.0. The vulnerability is an improper validation of array index that could allow an attacker to inject specially crafted input into memory where it can be executed, resulting in remote code execution. Public disclosur...
CVE-2015-3947
Advantech WebAccess (before 8.1) is affected by a SQL Injection vulnerability (CWE-89) that allows remote authenticated users to execute arbitrary SQL commands, potentially modifying web server settings, accounts, and projects. Root cause details are described in PT-2016-03: SQL Injection in WebA...
CVE-2017-12711
CVE-2017-12711 affects Advantech WebAccess prior to V8.2_20170817. The root cause is an Incorrect Privilege Assignment where a built-in user account has been granted a sensitive privilege, potentially allowing elevation to administrative privileges. Impact is elevated access with high severity (p...
CVE-2017-5152
Advantech WebAccess v8.1 contains an authentication bypass vulnerability accessible via a crafted URL, allowing unrestricted page access (CVE-2017-5152). Root cause is inadequate access control for web server resources, with CVSSv3.0 base score 9.1 (Network, Low attack complexity, no privileges r...
CVE-2018-7495
CVE-2018-7495 affects Advantech WebAccess family (WebAccess, WebAccess Dashboard, Scada Node, NMS) due to an external control of file name or path caused by insufficient validation of user-supplied paths before file operations. This may allow an attacker to delete arbitrary files. Affected versio...
CVE-2020-12002
CVE-2020-12002 affects Advantech WebAccess Node (versions 8.4.4 and prior, 9.0.0). The issue is described as multiple stack-based buffer overflow vulnerabilities caused by insufficient validation of the length of user-supplied data, which may allow remote code execution. Connected documents (ZDI ...
CVE-2020-12019
CVE-2020-12019 affects Advantech WebAccess Node (Version 8.4.4 and prior). The Red Hat/NVD/NVD-derived entries and ZDI advisories describe a stack-based buffer overflow in the DATACORE/WebAccess Node component that enables remote code execution without authentication. Exploitation is remote and u...
CVE-2014-9202
CVE-2014-9202 affects Advantech WebAccess (before 8.0_20150816). Multiple stack-based buffer overflows in an unspecified DLL could allow arbitrary code execution via a crafted file that triggers long string arguments. CVSS v2 base score 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C). Affected products are WebA...
CVE-2016-0854
Affected product: Advantech WebAccess, specifically the Dashboard Viewer component of WebAccess prior to version 8.1. Vulnerability summary: Unrestricted upload of a file with dangerous type via the UploadAjaxAction script (uploadImageCommon/uploadFile/uploadBannerImage paths) in the WebAccess Da...
CVE-2017-12706
Advantech WebAccess contains a stack-based buffer overflow in versions prior to V8.2_20170817 caused by insufficient validation of the length of user-supplied data copied into a stack buffer. This could allow remote execution of arbitrary code in the process context. Affected product: Advantech W...
CVE-2017-16724
CVE-2017-16724 affects Advantech WebAccess prior to 8.3, with multiple stack-based buffer overflow flaws. The root cause is failure to validate lengths before copying data into fixed-length stack buffers, enabling writes beyond bounds. Public details across connected sources describe several affe...
CVE-2018-10591
CVE-2018-10591 is an origin-validation error affecting Advantech WebAccess family (WebAccess, Dashboard, Scada Node, NMS) prior to specific versions. The issue could let an attacker craft a malicious site, steal session cookies, and access data of authenticated users. Connected documents confirm ...
CVE-2020-12010
CVE-2020-12010 affects Advantech WebAccess Node (versions 8.4.4 and prior; 9.0.0). The vulnerability is a relative path traversal in the WebAccess Node application that can let an authenticated user craft a file to delete files outside the application's control. Documented impact includes potenti...
CVE-2021-33023
Advantech WebAccess (HMI/SCADA) is affected by CVE-2021-33023: a heap-based buffer overflow in handling IOCTL 0x2722 can enable remote code execution. Affected products are WebAccess versions 9.02 and earlier. The vulnerability allows code execution with high privileges and requires no authentica...