Lucene search
K
AdvantechWebaccess

103 matches found

CVE
CVE
added 2021/10/18 12:41 p.m.61 views

CVE-2021-38389

This CVE affects Advantech WebAccess (versions 9.02 and earlier). A stack-based buffer overflow vulnerability exists in the handling of IOCTL 0x1138B, allowing remote code execution with no authentication required. ZDI reports that the flaw can be exploited by remote attackers to execute code in ...

9.8CVSS9.6AI score0.10367EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.60 views

CVE-2015-3946

CVE-2015-3946 (Advantech WebAccess) : A CSRF vulnerability exists in WebAccess prior to version 8.1 that can allow remote attackers to hijack user authentication. Affected product: Advantech WebAccess (HMI/SCADA software). Root cause: cross-site request forgery enabling unauthorized actions in au...

8.8CVSS8.8AI score0.00899EPSS
CVE
CVE
added 2020/05/08 11:40 a.m.60 views

CVE-2020-12010

CVE-2020-12010 affects Advantech WebAccess Node (versions 8.4.4 and prior; 9.0.0). The vulnerability is a relative path traversal in the WebAccess Node application that can let an authenticated user craft a file to delete files outside the application's control. Documented impact includes potenti...

7.1CVSS6.8AI score0.01009EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.59 views

CVE-2016-0854

Affected product: Advantech WebAccess, specifically the Dashboard Viewer component of WebAccess prior to version 8.1. Vulnerability summary: Unrestricted upload of a file with dangerous type via the UploadAjaxAction script (uploadImageCommon/uploadFile/uploadBannerImage paths) in the WebAccess Da...

10CVSS9.3AI score0.77044EPSS
Web
CVE
CVE
added 2017/11/06 10:0 p.m.59 views

CVE-2017-12719

CVE-2017-12719 is an Untrusted Pointer Dereference in Advantech WebAccess prior to V8.2_20170817. Multiple connected sources (ZDI advisories) document a remote code execution vulnerability in the webvrpcs/drawsrv components via improper validation of user-supplied pointers, allowing an unauthenti...

7.5CVSS7.6AI score0.03051EPSS
CVE
CVE
added 2018/05/15 10:0 p.m.59 views

CVE-2018-10590

The CVE-2018-10590 entry describes an information exposure vulnerability in Advantech WebAccess family products (WebAccess, WebAccess Dashboard, WebAccess Scada Node, WebAccess/NMS) across versions including V8.2_20170817 and prior, V8.3.0 and prior, Dashboard 2.0.15 and prior, Scada Node prior t...

7.5CVSS7.3AI score0.01708EPSS
CVE
CVE
added 2018/05/15 10:0 p.m.59 views

CVE-2018-8841

CVE-2018-8841 affects Advantech WebAccess products (WebAccess, Dashboard, Scada Node, NMS) up to specific versions; the flaw is improper privilege management that lets an authenticated user modify files that should be read-only. Reported by multiple sources (ZDI/CISA ICS) with a CVSSv3 base score...

7.8CVSS7.3AI score0.00362EPSS
CVE
CVE
added 2020/05/08 11:41 a.m.59 views

CVE-2020-12006

Affected product. Advantech WebAccess Node (HMI platform). Vulnerabilities. Multiple relative path traversal issues in WebAccess Node versions 8.4.4 and earlier, and 9.0.0 and earlier, may allow a low-privilege user to overwrite files outside the application’s control. Red Hat and NVD entries cor...

9.8CVSS9.5AI score0.03692EPSS
CVE
CVE
added 2020/09/22 2:28 p.m.59 views

CVE-2020-16202

Advantech WebAccess Node is affected: all versions prior to 9.0.1 have incorrect permissions for resources used by specific services, potentially enabling code execution with system privileges (CWE-732). Affected product: WebAccess Node (HMI platform). Root cause: incorrect resource permissions. ...

7.8CVSS7.8AI score0.0038EPSS
CVE
CVE
added 2017/02/13 9:0 p.m.58 views

CVE-2017-5154

The CVE-2017-5154 issue affects Advantech WebAccess 8.1, where an SQL injection vulnerability exists in updateTemplate.aspx. The underlying flaw is insufficient input validation, enabling an attacker to craft inputs that could grant administrative access to the application and its data files. Pub...

9.8CVSS9.6AI score0.04398EPSS
Web
CVE
CVE
added 2018/05/15 10:0 p.m.58 views

CVE-2018-7503

CVE-2018-7503 is a path traversal vulnerability affecting Advantech WebAccess family prior to 8.3.1, including WebAccess, WebAccess Dashboard, WebAccess Scada Node, and WebAccess/NMS. The root cause is improper validation in the DownloadAction/servlet pathway, allowing an attacker to disclose sen...

7.5CVSS7.2AI score0.02562EPSS
CVE
CVE
added 2018/05/15 10:0 p.m.58 views

CVE-2018-8845

CVE-2018-8845 is a heap-based buffer overflow in Advantech WebAccess products (versions: V8.2_20170817 and prior; V8.3.0 and prior; WebAccess Dashboard 2.0.15 and prior; WebAccess Scada Node before 8.3.1; WebAccess/NMS 2.0.3 and prior) that may allow remote code execution. The root cause is heap-...

9.8CVSS9.8AI score0.05754EPSS
CVE
CVE
added 2020/05/08 11:48 a.m.58 views

CVE-2020-12026

Advantech WebAccess Node is affected: versions 8.4.4 and earlier, and 9.0.0, contain relative path traversal vulnerabilities that may allow a low-privilege user to overwrite files outside the application’s control. Connected sources (ZDI advisories and the US-CISA/ICS advisory) describe IOCTL-dri...

8.8CVSS8.8AI score0.02312EPSS
CVE
CVE
added 2023/06/07 8:12 p.m.58 views

CVE-2023-2866

Summary: CVE-2023-2866 affects Advantech WebAccess/SCADA 8.4.5. The issue is described as Insufficient Type Distinction (CWE-351). An attacker who can trick an authenticated user into loading a maliciously crafted .zip file could use a web shell to gain full control of the SCADA server. The CVSS ...

7.8CVSS7.2AI score0.00142EPSS
CVE
CVE
added 2018/05/15 10:0 p.m.57 views

CVE-2018-10589

The connected advisories confirm a path traversal vulnerability in Advantech WebAccess components (notably webvrpcs) that can lead to remote code execution. Affected: WebAccess WebAccess versions up to 8.2_20170817, 8.3.0 and prior; WebAccess Dashboard up to 2.0.15; WebAccess Scada Node prior to ...

9.8CVSS9.6AI score0.04121EPSS
CVE
CVE
added 2019/04/09 3:5 p.m.57 views

CVE-2019-3940

CVE-2019-3940 affects Advantech WebAccess 8.3.4. The vulnerability is a file upload issue via an unauthenticated RPC call, enabling a remote attacker to execute arbitrary code. No exploit details or remediation/version fix are provided in the supplied documents; impact is indicated as remote code...

9.8CVSS9.7AI score0.04082EPSS
CVE
CVE
added 2020/05/08 11:51 a.m.57 views

CVE-2020-12018

Advantech WebAccess Node (HMI platform) is affected by CVE-2020-12018 via an out-of-bounds read in IOCTL handling of ViewSrv.dll/DrawSrv.dll, exposing unauthorized data. Affected versions are WebAccess Node 8.4.4 and prior, and 9.0.0. The vulnerability enables information disclosure without authe...

7.5CVSS7.4AI score0.01529EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.56 views

CVE-2015-6467

CVE-2015-6467 affects Advantech WebAccess (HMI/SCADA) prior to version 8.1. The vulnerability is a remote code execution via a browser plugin, allowing an attacker to run arbitrary code on the target. Connected sources confirm a remote-exploit scenario and that Advantech released WebAccess 8.1 to...

9.3CVSS8.2AI score0.03761EPSS
CVE
CVE
added 2021/09/09 11:24 a.m.56 views

CVE-2021-38408

CVE-2021-38408 affects Advantech WebAccess (versions 9.02 and earlier). The vulnerability is a stack-based buffer overflow caused by improper validation of the length of user-supplied data, potentially enabling remote code execution. Public documentation consistently describes impact as remote co...

9.8CVSS9.9AI score0.11569EPSS
CVE
CVE
added 2017/08/30 6:0 p.m.55 views

CVE-2017-12702

CVE-2017-12702 affects Advantech WebAccess prior to version V8.2_20170817. The issue is an Externally Controlled Format String (CWE-134): string format specifiers based on user input are not properly validated, potentially enabling arbitrary code execution. The vulnerability is associated with th...

8.8CVSS8.8AI score0.0229EPSS
CVE
CVE
added 2017/08/30 6:0 p.m.55 views

CVE-2017-12704

Advantech WebAccess is affected by a HEAP-BASED BUFFER OVERFLOW (CVE-2017-12704) in versions prior to V8.2_20170817. The issue arises from improper validation of the length of user-supplied data before copying to a heap buffer, potentially allowing arbitrary code execution under the process. Affe...

8.8CVSS9AI score0.02601EPSS
CVE
CVE
added 2018/10/23 8:0 p.m.55 views

CVE-2018-14816

CVE-2018-14816 maps to multiple stack-based buffer overflow flaws in Advantech WebAccess components. Connected advisories (ZDI-18-1300, -1302, -1303, -1304, -1305, -1306, -1307, -1300? and related CNVD) describe remote code execution via careless validation of user-supplied data copied into fixed...

9.8CVSS10AI score0.0413EPSS
CVE
CVE
added 2023/10/16 11:40 p.m.55 views

CVE-2023-4215

Advantech WebAccess 9.1.3 is affected by CVE-2023-4215, an information-disclosure vulnerability that could leak user credentials via the Cloud Agent Debug service when configuring or modifying account information. The vulnerability is documented across multiple sources (NVD/NVD-ICS, CISA ICS advi...

7.5CVSS6.7AI score0.00465EPSS
CVE
CVE
added 2017/08/30 6:0 p.m.54 views

CVE-2017-12708

CVE-2017-12708 affects Advantech WebAccess versions prior to V8.2_20170817. It is an improper restriction of operations within the bounds of a memory buffer (CWE-119) that could allow referencing invalid memory locations, potentially enabling arbitrary code execution or a crash. Multiple connecte...

10CVSS9.6AI score0.03385EPSS
CVE
CVE
added 2018/05/09 7:0 p.m.54 views

CVE-2017-5175

CVE-2017-5175 affects Advantech WebAccess 8.1 and earlier and is a DLL hijacking vulnerability. An attacker could cause the application to load a malicious DLL from the search path, leading to arbitrary code execution on the affected system. Connected sources corroborate affected software version...

7.8CVSS8.6AI score0.01627EPSS
CVE
CVE
added 2018/05/15 10:0 p.m.54 views

CVE-2018-7497

The CVE-2018-7497 entry relates to Advantech WebAccess/WebAccess Node components with untrusted pointer dereference flaws exposed via multiple webvrpcs IOCTL interfaces. The ZDI advisories (ZDI-18-491/492/493/494/495/496 and related variants) describe remote code execution opportunities where an ...

9.8CVSS9.8AI score0.02919EPSS
CVE
CVE
added 2018/05/15 10:0 p.m.54 views

CVE-2018-7501

The CVE describes multiple SQL injection vulnerabilities in Advantech WebAccess family products prior to certain versions, leading to potential disclosure of sensitive host information. Connected advisories (ZDI) detail specific vulnerable entry points in BWMobileService.dll used by WebAccess Nod...

7.5CVSS7.8AI score0.01659EPSS
CVE
CVE
added 2019/04/09 3:6 p.m.54 views

CVE-2019-3941

Advantech WebAccess 8.3.4 is affected by CVE-2019-3941. The vulnerability allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Affected product: Advantech WebAccess (version 8.3.4). Root cause: improper handling of IOCTL 10005 RPC leading to arbitrary file delet...

7.5CVSS7.6AI score0.02388EPSS
CVE
CVE
added 2020/04/01 4:4 p.m.54 views

CVE-2019-3942

Affected product : Advantech WebAccess 8.3.4. Vulnerability : An access-control error in a remote procedure call (RPC) allows unauthenticated, remote users to read files. Root cause: insufficient restriction on RPC calls leading to exposure of sensitive files; attacker could recover the administr...

7.5CVSS7.4AI score0.01403EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.53 views

CVE-2016-0858

CVE-2016-0858 affects Advantech WebAccess prior to 8.1. A race condition in the WebAccess components can be triggered by a crafted request, enabling remote attackers to execute arbitrary code or cause a denial of service via a buffer overflow. Public sources identify this as a remote-exploit scen...

9.3CVSS8.3AI score0.05087EPSS
CVE
CVE
added 2017/05/02 2:0 p.m.53 views

CVE-2016-5810

Advantech WebAccess vulnerable upAdminPg.asp (before 8.1_20160519) exposes password information to remote authenticated administrators via unspecified vectors. The CVE-2016-5810 issue is classified as an information-disclosure vulnerability in the upAdminPg.asp component, enabling an admin higher...

4.9CVSS5AI score0.15356EPSS
Web
CVE
CVE
added 2017/08/30 6:0 p.m.53 views

CVE-2017-12710

CVE-2017-12710 corresponds to an SQL injection vulnerability in Advantech WebAccess, affecting versions prior to V8.2_20170817. The vulnerability arises from insufficient validation of input used to construct SQL queries (rmTemplate.aspx context per ZDI advisory), potentially allowing an attacker...

7.5CVSS7.7AI score0.02209EPSS
CVE
CVE
added 2017/05/06 12:0 a.m.53 views

CVE-2017-7929

CVE-2017-7929 is an Absolute Path Traversal vulnerability in Advantech WebAccess (versions 8.1 and earlier). The issue allows an attacker to traverse the file system and access restricted files or directories via network-accessible input, due to insufficient input filtering in the WebAccess web i...

7.1CVSS7AI score0.01537EPSS
CVE
CVE
added 2018/05/15 10:0 p.m.53 views

CVE-2018-7505

Advantech WebAccess/NMS is affected by CVE-2018-7505 described by ZDI-18-470 as an unrestricted file upload in the TFTP service that allows remote code execution. The flaw, in the TFTP configuration, permits uploading arbitrary files with no authentication, enabling code execution under SYSTEM on...

9.8CVSS9.6AI score0.02919EPSS
CVE
CVE
added 2018/01/12 2:0 a.m.52 views

CVE-2017-16732

CVE-2017-16732 affects Advantech WebAccess prior to version 8.3. It is a use-after-free vulnerability allowing an unauthenticated attacker to specify an arbitrary address, potentially crashing the device or enabling further impact. The incident is documented across multiple sources (NVD/NV D summ...

6.5CVSS6.5AI score0.01382EPSS
CVE
CVE
added 2018/01/05 8:0 a.m.52 views

CVE-2017-16753

CVE-2017-16753 is an improper input validation vulnerability affecting Advantech WebAccess before 8.3. WebAccess may crash due to certain inputs; CVSSv3Base 5.0 (N/A for confidentiality/integrity, Availability High) with network access and low attack complexity. ICS-CERT/NCCIC advisories (ICSA-18...

7.5CVSS7.8AI score0.02079EPSS
CVE
CVE
added 2018/10/23 8:0 p.m.52 views

CVE-2018-14806

Advantech WebAccess CVE-2018-14806 is a path traversal vulnerability in WebAccess 8.3.1 and earlier that could allow an attacker to execute arbitrary code. Affected software: Advantech WebAccess (versions 8.3.1 and prior). Root cause: path traversal in handling file paths/execution flow enabling ...

9.8CVSS9.6AI score0.04779EPSS
CVE
CVE
added 2018/10/31 10:0 p.m.52 views

CVE-2018-15706

The CVE-2018-15706 vulnerability affects Advantech WebAccess WADashboard API (versions 8.3.1 and 8.3.2). The readFile API is vulnerable to a directory traversal flaw that allows remote authenticated attackers to read arbitrary files on the server filesystem. The issue is caused by insufficient va...

6.8CVSS6.1AI score0.32367EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.51 views

CVE-2016-0859

Summary: CVE-2016-0859 affects Advantech WebAccess before 8.1. The vulnerability is an integer overflow in the Kernel service that can be triggered by a crafted RPC request, leading to remote code execution or a denial of service (stack-based buffer overflow). Affected product/version: WebAccess ...

10CVSS9.7AI score0.07571EPSS
CVE
CVE
added 2018/01/12 2:0 a.m.51 views

CVE-2017-16736

Summary: CVE-2017-16736 affects Advantech WebAccess prior to 8.3. The root cause is insufficient input validation of the picfile parameter in gmicons.asp, enabling a remote attacker to perform an arbitrary file upload. Impact (as described): Remote arbitrary file upload could enable further compr...

7.5CVSS7.5AI score0.01815EPSS
CVE
CVE
added 2018/10/23 8:0 p.m.50 views

CVE-2018-14828

Summary: CVE-2018-14828 affects Advantech WebAccess 8.3.1 and earlier, through an improper privilege management vulnerability that can allow an attacker to access files and perform actions at administrator level. Affected product/condition: WebAccess on vulnerable installs; the flaw arises from a...

7.8CVSS7.5AI score0.00407EPSS
CVE
CVE
added 2018/10/29 6:0 p.m.50 views

CVE-2018-17908

CVE-2018-17908 affects Advantech WebAccess (versions 8.3.2 and prior). The root cause is improper access control: the installer disables User Account Control and does not re-enable it after installation, allowing local privilege escalation to the Administrator context. Connected advisories confir...

7.8CVSS7.5AI score0.0045EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.49 views

CVE-2016-0851

CVE-2016-0851 affects Advantech WebAccess prior to 8.1. The issue arises from a memory safety flaw (out-of-bounds access) that can be triggered remotely, leading to a denial of service. ZDI documents a separate vulnerable path in the BwOpcSvc.dll 0x13881 IOCTL implementation, described as an unco...

7.8CVSS7.3AI score0.0223EPSS
CVE
CVE
added 2016/06/25 1:0 a.m.49 views

CVE-2016-4528

CVE-2016-4528 is a classic buffer overflow in Advantech WebAccess (pre-8.1_20160519). A specially crafted DLL file can trigger the overflow when the vulnerable WebAccess runs, with local user interaction; ICS-CERT notes it could allow code to be inserted and run, while other sources describe pote...

5CVSS5.5AI score0.00675EPSS
CVE
CVE
added 2018/10/23 8:0 p.m.49 views

CVE-2018-14820

Advantech WebAccess 8.3.1 and earlier are affected by CVE-2018-14820 due to a .dll component that permits external control of file name or path, enabling arbitrary file deletion when processing. Exploitation is described as remote and unauthenticated in vendor advisories and ZDI reports, with the...

7.5CVSS7.5AI score0.022EPSS
CVE
CVE
added 2019/12/12 8:32 p.m.47 views

CVE-2019-3951

Summary: CVE-2019-3951 affects Advantech WebAccess (HMI/SCADA) prior to 8.4.3. The issue is a stack-based buffer overflow in the webvrpcs service when processing IOCTL 70533 RPC messages, allowing unauthenticated remote attackers to execute arbitrary code or cause memory corruption, potentially l...

9.8CVSS9.9AI score0.0361EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.46 views

CVE-2016-0853

Advantech WebAccess (HMI/SCADA) before version 8.1 is affected by CVE-2016-0853, enabling remote attackers to obtain sensitive information via crafted input. The advisory notes the issue is tied to input handling and results in information disclosure. Advantech released WebAccess 8.1 to address v...

7.5CVSS7.6AI score0.02264EPSS
CVE
CVE
added 2016/06/25 1:0 a.m.45 views

CVE-2016-4525

Summary: CVE-2016-4525, CVE-2016-4528 and CVE-2016-5810 affect Advantech WebAccess prior to version 8.1_20160519. The issues arise from unsafe ActiveX controls marked as safe-for-scripting (CVE-2016-4525), a buffer overflow via crafted DLLs (CVE-2016-4528), and information exposure where an authe...

6.6CVSS6AI score0.00449EPSS
CVE
CVE
added 2021/06/11 11:26 a.m.45 views

CVE-2021-34540

Affected software: Advantech WebAccess 8.4.2 and 8.4.4. Vulnerability: Cross-site scripting (XSS) via the username field on the bwRoot.asp page of the WADashboard. Root cause/condition: reflected/injected XSS context is implied by the description, but explicit technical details about the root cau...

6.1CVSS6AI score0.00867EPSS
CVE
CVE
added 2016/01/15 2:0 a.m.44 views

CVE-2016-0852

CVE-2016-0852 affects Advantech WebAccess (pre-8.1). The vulnerability, described in ICS-CERT and CVE records, allows remote attackers to bypass an administrative requirement and gain access to files/folders via unspecified vectors. Affected versions include WebAccess 8.0 and earlier. Impact desc...

7.5CVSS7.9AI score0.02406EPSS
Total number of security vulnerabilities103