9 matches found
CVE-2017-12713
Advantech WebAccess before version V8.2_20170817 is affected by CVE-2017-12713: Incorrect Permission Assignment for Critical Resource, where non-administrator accounts can modify multiple files/folders with ACLs that affect other users. This is a local-privilege-escalation issue rooted in access ...
CVE-2017-12717
Technical details about CVE-2017-12717 are not provided in the connected documents. The initial description notes an uncontrolled search path element in Advantech WebAccess before V8.2_20170817, but no further details are available here. Monitor for updates.
CVE-2017-12711
CVE-2017-12711 affects Advantech WebAccess prior to V8.2_20170817. The root cause is an Incorrect Privilege Assignment where a built-in user account has been granted a sensitive privilege, potentially allowing elevation to administrative privileges. Impact is elevated access with high severity (p...
CVE-2017-12698
CVE-2017-12698 affects Advantech WebAccess prior to V8.2_20170817. The vulnerability is an improper authentication bypass that could allow remote code execution. Public sources (NVD entry and ICS-CERT/Nessus plugin) confirm the issue and indicate that updating to WebAccess version V8.2_20170817 m...
CVE-2017-12706
Advantech WebAccess contains a stack-based buffer overflow in versions prior to V8.2_20170817 caused by insufficient validation of the length of user-supplied data copied into a stack buffer. This could allow remote execution of arbitrary code in the process context. Affected product: Advantech W...
CVE-2017-12704
Advantech WebAccess is affected by a HEAP-BASED BUFFER OVERFLOW (CVE-2017-12704) in versions prior to V8.2_20170817. The issue arises from improper validation of the length of user-supplied data before copying to a heap buffer, potentially allowing arbitrary code execution under the process. Affe...
CVE-2017-12702
CVE-2017-12702 affects Advantech WebAccess prior to version V8.2_20170817. The issue is an Externally Controlled Format String (CWE-134): string format specifiers based on user input are not properly validated, potentially enabling arbitrary code execution. The vulnerability is associated with th...
CVE-2017-12708
CVE-2017-12708 affects Advantech WebAccess versions prior to V8.2_20170817. It is an improper restriction of operations within the bounds of a memory buffer (CWE-119) that could allow referencing invalid memory locations, potentially enabling arbitrary code execution or a crash. Multiple connecte...
CVE-2017-12710
CVE-2017-12710 corresponds to an SQL injection vulnerability in Advantech WebAccess, affecting versions prior to V8.2_20170817. The vulnerability arises from insufficient validation of input used to construct SQL queries (rmTemplate.aspx context per ZDI advisory), potentially allowing an attacker...