Webaccess Security Vulnerabilities and Issues — Webaccess CVE List

Lucene search

AdvantechWebaccess

10 matches found

CVE•added 2019/09/18 10:15 p.m.•147 views

CVE-2019-13556

In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

8.8CVSS9.3AI score0.01171EPSS

CVE•added 2019/09/18 9:15 p.m.•130 views

CVE-2019-13552

In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.

8.8CVSS9.3AI score0.01577EPSS

CVE•added 2020/03/27 2:15 p.m.•99 views

CVE-2020-10607

In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

8.8CVSS9AI score0.00793EPSS

CVE•added 2019/06/28 9:15 p.m.•59 views

CVE-2019-10987

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

8.8CVSS9.2AI score0.02753EPSS

CVE•added 2018/10/31 10:29 p.m.•52 views

CVE-2018-15705

WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.

8.5CVSS6.5AI score0.06646EPSS

CVE•added 2016/01/15 3:59 a.m.•51 views

CVE-2015-3947

SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

8.1CVSS8.1AI score0.00257EPSS

CVE•added 2016/01/15 3:59 a.m.•45 views

CVE-2015-3946

Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

8.8CVSS8.8AI score0.00106EPSS

CVE•added 2017/08/30 6:29 p.m.•44 views

CVE-2017-12704

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could all...

8.8CVSS9AI score0.00822EPSS

CVE•added 2017/08/30 6:29 p.m.•42 views

CVE-2017-12702

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.

8.8CVSS8.8AI score0.00433EPSS

CVE•added 2020/05/08 12:15 p.m.•42 views

CVE-2020-12026

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

8.8CVSS8.8AI score0.01886EPSS