VYPR

WebAccss/SCADA

by Advantech

CVEs (33)

  • CVE-2023-1437CriAug 2, 2023
    risk 0.64cvss 9.8epss 0.03

    All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the…

  • CVE-2019-3975CriSep 10, 2019
    risk 0.64cvss 9.8epss 0.05

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.

  • CVE-2019-3954CriJun 19, 2019
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.

  • CVE-2019-3953CriJun 18, 2019
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.

  • CVE-2019-6552CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.03

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.

  • CVE-2019-6550CriApr 5, 2019
    risk 0.64cvss 9.8epss 0.06

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.

  • CVE-2018-8845CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.06

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been…

  • CVE-2018-7505CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the…

  • CVE-2018-7499CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities…

  • CVE-2018-7497CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities…

  • CVE-2018-10589CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…

  • CVE-2020-13555HigFeb 17, 2021
    risk 0.57cvss 8.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM…

  • CVE-2020-13553HigFeb 17, 2021
    risk 0.57cvss 8.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to…

  • CVE-2020-13552HigFeb 17, 2021
    risk 0.57cvss 8.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or…

  • CVE-2020-13551HigFeb 17, 2021
    risk 0.57cvss 8.8epss 0.00

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM…

  • CVE-2020-13554HigMar 3, 2021
    risk 0.51cvss 7.8epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to…

  • CVE-2020-13550HigFeb 17, 2021
    risk 0.50cvss 7.7epss 0.03

    A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.

  • CVE-2019-6554HigApr 5, 2019
    risk 0.49cvss 7.5epss 0.02

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.

  • CVE-2018-7503HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…

  • CVE-2018-7501HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been…

Page 1 of 2