Webaccess Security Vulnerabilities and Issues — Webaccess CVE List

Lucene search

AdvantechWebaccess

9 matches found

CVE•added 2017/08/30 6:29 p.m.•62 views

CVE-2017-12713

An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2017/08/30 6:29 p.m.•52 views

CVE-2017-12711

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2017/08/30 6:29 p.m.•52 views

CVE-2017-12717

An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.

7.8CVSS7.6AI score0.00674EPSS

CVE•added 2017/08/30 6:29 p.m.•48 views

CVE-2017-12706

A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could all...

9.8CVSS9.7AI score0.0136EPSS

CVE•added 2017/08/30 6:29 p.m.•46 views

CVE-2017-12698

An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.

9.8CVSS9.8AI score0.06851EPSS

CVE•added 2017/08/30 6:29 p.m.•44 views

CVE-2017-12704

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could all...

8.8CVSS9AI score0.00822EPSS

CVE•added 2017/08/30 6:29 p.m.•43 views

CVE-2017-12702

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.

8.8CVSS8.8AI score0.00433EPSS

CVE•added 2017/08/30 6:29 p.m.•41 views

CVE-2017-12710

A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.

7.5CVSS7.7AI score0.00495EPSS

CVE•added 2017/08/30 6:29 p.m.•40 views

CVE-2017-12708

An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attack...

10CVSS9.6AI score0.00741EPSS