Lucene search
+L
AdvantechWebaccess8.2

9 matches found

cve
cve
added 2017/08/30 6:0 p.m.76 views

CVE-2017-12713

Advantech WebAccess before version V8.2_20170817 is affected by CVE-2017-12713: Incorrect Permission Assignment for Critical Resource, where non-administrator accounts can modify multiple files/folders with ACLs that affect other users. This is a local-privilege-escalation issue rooted in access ...

7.8CVSS7.5AI score0.0035EPSS
cve
cve
added 2017/08/30 6:0 p.m.74 views

CVE-2017-12717

Technical details about CVE-2017-12717 are not provided in the connected documents. The initial description notes an uncontrolled search path element in Advantech WebAccess before V8.2_20170817, but no further details are available here. Monitor for updates.

7.8CVSS7.6AI score0.02438EPSS
cve
cve
added 2017/08/30 6:0 p.m.63 views

CVE-2017-12711

CVE-2017-12711 affects Advantech WebAccess prior to V8.2_20170817. The root cause is an Incorrect Privilege Assignment where a built-in user account has been granted a sensitive privilege, potentially allowing elevation to administrative privileges. Impact is elevated access with high severity (p...

7.8CVSS7.5AI score0.0035EPSS
cve
cve
added 2017/08/30 6:0 p.m.62 views

CVE-2017-12698

CVE-2017-12698 affects Advantech WebAccess prior to V8.2_20170817. The vulnerability is an improper authentication bypass that could allow remote code execution. Public sources (NVD entry and ICS-CERT/Nessus plugin) confirm the issue and indicate that updating to WebAccess version V8.2_20170817 m...

9.8CVSS9.8AI score0.04831EPSS
cve
cve
added 2017/08/30 6:0 p.m.61 views

CVE-2017-12706

Advantech WebAccess contains a stack-based buffer overflow in versions prior to V8.2_20170817 caused by insufficient validation of the length of user-supplied data copied into a stack buffer. This could allow remote execution of arbitrary code in the process context. Affected product: Advantech W...

9.8CVSS9.7AI score0.0317EPSS
cve
cve
added 2017/08/30 6:0 p.m.58 views

CVE-2017-12704

Advantech WebAccess is affected by a HEAP-BASED BUFFER OVERFLOW (CVE-2017-12704) in versions prior to V8.2_20170817. The issue arises from improper validation of the length of user-supplied data before copying to a heap buffer, potentially allowing arbitrary code execution under the process. Affe...

8.8CVSS9AI score0.02601EPSS
cve
cve
added 2017/08/30 6:0 p.m.56 views

CVE-2017-12702

CVE-2017-12702 affects Advantech WebAccess prior to version V8.2_20170817. The issue is an Externally Controlled Format String (CWE-134): string format specifiers based on user input are not properly validated, potentially enabling arbitrary code execution. The vulnerability is associated with th...

8.8CVSS8.8AI score0.0229EPSS
cve
cve
added 2017/08/30 6:0 p.m.55 views

CVE-2017-12708

CVE-2017-12708 affects Advantech WebAccess versions prior to V8.2_20170817. It is an improper restriction of operations within the bounds of a memory buffer (CWE-119) that could allow referencing invalid memory locations, potentially enabling arbitrary code execution or a crash. Multiple connecte...

10CVSS9.6AI score0.03385EPSS
cve
cve
added 2017/08/30 6:0 p.m.54 views

CVE-2017-12710

CVE-2017-12710 corresponds to an SQL injection vulnerability in Advantech WebAccess, affecting versions prior to V8.2_20170817. The vulnerability arises from insufficient validation of input used to construct SQL queries (rmTemplate.aspx context per ZDI advisory), potentially allowing an attacker...

7.5CVSS7.7AI score0.02209EPSS