Webaccess Security Vulnerabilities and Issues — Webaccess CVE List

Lucene search

AdvantechWebaccess

11 matches found

CVE•added 2018/10/31 10:29 p.m.•53 views

CVE-2018-15705

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

8.5CVSS6.5AI score0.06646EPSS

CVE•added 2018/10/31 10:29 p.m.•49 views

CVE-2018-15707

Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.

5.4CVSS5.5AI score0.01123EPSS

CVE•added 2018/10/29 6:29 p.m.•46 views

CVE-2018-17910

WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.

9.3CVSS8.1AI score0.0311EPSS

CVE•added 2018/10/23 8:29 p.m.•40 views

CVE-2018-14806

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.

9.8CVSS9.6AI score0.11609EPSS

CVE•added 2018/10/29 6:29 p.m.•39 views

CVE-2018-17908

WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.

7.8CVSS7.5AI score0.00145EPSS

CVE•added 2018/10/23 8:29 p.m.•38 views

CVE-2018-14816

Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.

9.8CVSS10AI score0.04127EPSS

CVE•added 2018/10/23 8:29 p.m.•36 views

CVE-2018-14820

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

7.5CVSS7.5AI score0.01331EPSS

CVE•added 2018/10/23 8:29 p.m.•36 views

CVE-2018-14828

Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.

7.8CVSS7.5AI score0.00065EPSS

CVE•added 2018/10/31 10:29 p.m.•31 views

CVE-2018-15706

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.

6.8CVSS6.1AI score0.04436EPSS

CVE•added 2018/10/22 7:29 p.m.•28 views

CVE-2018-15703

Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to...

6.1CVSS6.3AI score0.00346EPSS

CVE•added 2018/10/22 7:29 p.m.•27 views

CVE-2018-15704

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.

9CVSS8.5AI score0.20485EPSS