11 matches found
CVE-2018-7499
Advantech WebAccess family (WebAccess, WebAccess Dashboard, Scada Node, NMS) contains stack-based buffer overflow vulnerabilities in multiple components, enabling remote code execution. The CVE entry cites several affected versions up to specific builds and describes unchecked data copying into s...
CVE-2018-7495
CVE-2018-7495 affects Advantech WebAccess family (WebAccess, WebAccess Dashboard, Scada Node, NMS) due to an external control of file name or path caused by insufficient validation of user-supplied paths before file operations. This may allow an attacker to delete arbitrary files. Affected versio...
CVE-2018-10591
CVE-2018-10591 is an origin-validation error affecting Advantech WebAccess family (WebAccess, Dashboard, Scada Node, NMS) prior to specific versions. The issue could let an attacker craft a malicious site, steal session cookies, and access data of authenticated users. Connected documents confirm ...
CVE-2018-10590
The CVE-2018-10590 entry describes an information exposure vulnerability in Advantech WebAccess family products (WebAccess, WebAccess Dashboard, WebAccess Scada Node, WebAccess/NMS) across versions including V8.2_20170817 and prior, V8.3.0 and prior, Dashboard 2.0.15 and prior, Scada Node prior t...
CVE-2018-8845
CVE-2018-8845 is a heap-based buffer overflow in Advantech WebAccess products (versions: V8.2_20170817 and prior; V8.3.0 and prior; WebAccess Dashboard 2.0.15 and prior; WebAccess Scada Node before 8.3.1; WebAccess/NMS 2.0.3 and prior) that may allow remote code execution. The root cause is heap-...
CVE-2018-8841
CVE-2018-8841 affects Advantech WebAccess products (WebAccess, Dashboard, Scada Node, NMS) up to specific versions; the flaw is improper privilege management that lets an authenticated user modify files that should be read-only. Reported by multiple sources (ZDI/CISA ICS) with a CVSSv3 base score...
CVE-2018-10589
The connected advisories confirm a path traversal vulnerability in Advantech WebAccess components (notably webvrpcs) that can lead to remote code execution. Affected: WebAccess WebAccess versions up to 8.2_20170817, 8.3.0 and prior; WebAccess Dashboard up to 2.0.15; WebAccess Scada Node prior to ...
CVE-2018-7503
CVE-2018-7503 is a path traversal vulnerability affecting Advantech WebAccess family prior to 8.3.1, including WebAccess, WebAccess Dashboard, WebAccess Scada Node, and WebAccess/NMS. The root cause is improper validation in the DownloadAction/servlet pathway, allowing an attacker to disclose sen...
CVE-2018-7497
The CVE-2018-7497 entry relates to Advantech WebAccess/WebAccess Node components with untrusted pointer dereference flaws exposed via multiple webvrpcs IOCTL interfaces. The ZDI advisories (ZDI-18-491/492/493/494/495/496 and related variants) describe remote code execution opportunities where an ...
CVE-2018-7501
The CVE describes multiple SQL injection vulnerabilities in Advantech WebAccess family products prior to certain versions, leading to potential disclosure of sensitive host information. Connected advisories (ZDI) detail specific vulnerable entry points in BWMobileService.dll used by WebAccess Nod...
CVE-2018-7505
Advantech WebAccess/NMS is affected by CVE-2018-7505 described by ZDI-18-470 as an unrestricted file upload in the TFTP service that allows remote code execution. The flaw, in the TFTP configuration, permits uploading arbitrary files with no authentication, enabling code execution under SYSTEM on...