10 matches found
CVE-2017-16716
Advantech WebAccess prior to version 8.3 is affected by a SQL Injection vulnerability (CVE-2017-16716) caused by inadequate input sanitization. A remote attacker could exploit this to execute arbitrary code in the WebAccess service. Public PoCs and advisories (ZDI-18-065, Exploit-DB listing) desc...
CVE-2017-16728
CVE-2017-16728 concerns Advantech WebAccess before 8.3, where an untrusted pointer dereference in the webvrpcs/drawsrv components can cause invalid memory dereference. Public sources describe potential crashes and, in ZDI advisories, remote code execution scenarios without authentication via IOCT...
CVE-2017-14016
CVE-2017-14016 affects Advantech WebAccess prior to version V8.2_20170817. The vulnerability is a stack-based buffer overflow in the Webvrpcs DCERPC service (opcode 80061) caused by insufficient validation of user-supplied data length before copying to a stack buffer, enabling remote code execut...
CVE-2017-16724
CVE-2017-16724 affects Advantech WebAccess prior to 8.3, with multiple stack-based buffer overflow flaws. The root cause is failure to validate lengths before copying data into fixed-length stack buffers, enabling writes beyond bounds. Public details across connected sources describe several affe...
CVE-2017-12719
CVE-2017-12719 is an Untrusted Pointer Dereference in Advantech WebAccess prior to V8.2_20170817. Multiple connected sources (ZDI advisories) document a remote code execution vulnerability in the webvrpcs/drawsrv components via improper validation of user-supplied pointers, allowing an unauthenti...
CVE-2020-16202
Advantech WebAccess Node is affected: all versions prior to 9.0.1 have incorrect permissions for resources used by specific services, potentially enabling code execution with system privileges (CWE-732). Affected product: WebAccess Node (HMI platform). Root cause: incorrect resource permissions. ...
CVE-2017-16732
CVE-2017-16732 affects Advantech WebAccess prior to version 8.3. It is a use-after-free vulnerability allowing an unauthenticated attacker to specify an arbitrary address, potentially crashing the device or enabling further impact. The incident is documented across multiple sources (NVD/NV D summ...
CVE-2017-16736
Summary: CVE-2017-16736 affects Advantech WebAccess prior to 8.3. The root cause is insufficient input validation of the picfile parameter in gmicons.asp, enabling a remote attacker to perform an arbitrary file upload. Impact (as described): Remote arbitrary file upload could enable further compr...
CVE-2017-16753
CVE-2017-16753 is an improper input validation vulnerability affecting Advantech WebAccess before 8.3. WebAccess may crash due to certain inputs; CVSSv3 Base 5.0 (N/A for confidentiality/integrity, Availability High) with network access and low attack complexity. ICS-CERT/NCCIC advisories (ICSA-18...
CVE-2019-3951
Summary: CVE-2019-3951 affects Advantech WebAccess (HMI/SCADA) prior to 8.4.3. The issue is a stack-based buffer overflow in the webvrpcs service when processing IOCTL 70533 RPC messages, allowing unauthenticated remote attackers to execute arbitrary code or cause memory corruption, potentially l...