Webaccess Security Vulnerabilities and Issues — Webaccess CVE List

Lucene search

AdvantechWebaccess

33 matches found

CVE•added 2017/08/30 6:29 p.m.•62 views

CVE-2017-12713

An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2019/06/28 9:15 p.m.•59 views

CVE-2019-10983

In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.

7.5CVSS7.3AI score0.00478EPSS

CVE•added 2016/01/15 3:59 a.m.•55 views

CVE-2016-0855

Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.

7.5CVSS7.4AI score0.03548EPSS

CVE•added 2014/11/21 2:59 a.m.•52 views

CVE-2014-8388

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.

7.2CVSS7.8AI score0.00246EPSS

CVE•added 2017/08/30 6:29 p.m.•52 views

CVE-2017-12711

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.

7.8CVSS7.5AI score0.0008EPSS

CVE•added 2017/08/30 6:29 p.m.•52 views

CVE-2017-12717

An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.

7.8CVSS7.6AI score0.00674EPSS

CVE•added 2019/04/05 7:29 p.m.•52 views

CVE-2019-6554

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.

7.5CVSS7.3AI score0.00228EPSS

CVE•added 2018/01/05 8:29 a.m.•47 views

CVE-2017-16728

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

7.5CVSS7.4AI score0.00646EPSS

CVE•added 2018/05/15 10:29 p.m.•47 views

CVE-2018-7495

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified,...

7.5CVSS7.5AI score0.03023EPSS

CVE•added 2020/05/08 12:15 p.m.•47 views

CVE-2020-12010

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

7.1CVSS6.8AI score0.00578EPSS

CVE•added 2018/05/15 10:29 p.m.•44 views

CVE-2018-10590

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been id...

7.5CVSS7.3AI score0.00457EPSS

CVE•added 2018/05/15 10:29 p.m.•44 views

CVE-2018-7503

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an at...

7.5CVSS7.2AI score0.01804EPSS

CVE•added 2018/05/15 10:29 p.m.•44 views

CVE-2018-8841

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated u...

7.8CVSS7.3AI score0.001EPSS

CVE•added 2020/05/08 12:15 p.m.•44 views

CVE-2020-12014

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.

7.5CVSS7.7AI score0.00333EPSS

CVE•added 2017/05/06 12:29 a.m.•43 views

CVE-2017-7929

An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.

7.1CVSS7AI score0.00762EPSS

CVE•added 2017/11/06 10:29 p.m.•42 views

CVE-2017-12719

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.

7.5CVSS7.6AI score0.01871EPSS

CVE•added 2018/05/09 7:29 p.m.•42 views

CVE-2017-5175

Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.

7.8CVSS8.6AI score0.00225EPSS

CVE•added 2020/05/08 12:15 p.m.•42 views

CVE-2020-12018

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.

7.5CVSS7.4AI score0.00334EPSS

CVE•added 2023/10/17 12:15 a.m.•42 views

CVE-2023-4215

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.

7.5CVSS6.7AI score0.00125EPSS

CVE•added 2017/08/30 6:29 p.m.•41 views

CVE-2017-12710

A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.

7.5CVSS7.7AI score0.00495EPSS

CVE•added 2023/06/07 9:15 p.m.•41 views

CVE-2023-2866

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.

7.8CVSS7.2AI score0.00023EPSS

CVE•added 2018/01/05 8:29 a.m.•39 views

CVE-2017-16753

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.

7.5CVSS7.8AI score0.0055EPSS

CVE•added 2018/10/29 6:29 p.m.•39 views

CVE-2018-17908

WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.

7.8CVSS7.5AI score0.00145EPSS

CVE•added 2019/04/09 4:29 p.m.•39 views

CVE-2019-3941

Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.

7.5CVSS7.6AI score0.03204EPSS

CVE•added 2020/09/22 3:15 p.m.•39 views

CVE-2020-16202

WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.

7.8CVSS7.8AI score0.00028EPSS

CVE•added 2018/05/15 10:29 p.m.•38 views

CVE-2018-7501

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow...

7.5CVSS7.8AI score0.00281EPSS

CVE•added 2018/01/12 2:29 a.m.•37 views

CVE-2017-16736

An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.

7.5CVSS7.5AI score0.00394EPSS

CVE•added 2020/04/01 5:15 p.m.•37 views

CVE-2019-3942

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

7.5CVSS7.4AI score0.00935EPSS

CVE•added 2018/10/23 8:29 p.m.•36 views

CVE-2018-14820

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

7.5CVSS7.5AI score0.01331EPSS

CVE•added 2018/10/23 8:29 p.m.•36 views

CVE-2018-14828

Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.

7.8CVSS7.5AI score0.00065EPSS

CVE•added 2016/01/15 3:59 a.m.•35 views

CVE-2016-0853

Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.

7.5CVSS7.6AI score0.0052EPSS

CVE•added 2016/01/15 3:59 a.m.•34 views

CVE-2016-0851

Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.

7.8CVSS7.3AI score0.0024EPSS

CVE•added 2016/01/15 3:59 a.m.•31 views

CVE-2016-0852

Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors.

7.5CVSS7.9AI score0.00167EPSS