WebAccss/SCADA
by Advantech
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7495 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability… | ||
| CVE-2018-10590 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory… | ||
| CVE-2023-32628 | Hig | 0.47 | 7.2 | 0.01 | Jun 6, 2023 | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | ||
| CVE-2023-32540 | Hig | 0.47 | 7.2 | 0.01 | Jun 6, 2023 | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead… | ||
| CVE-2023-22450 | Hig | 0.47 | 7.2 | 0.01 | Jun 6, 2023 | In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | ||
| CVE-2024-2453 | Med | 0.42 | 6.4 | 0.00 | Mar 21, 2024 | There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. | ||
| CVE-2021-32954 | Med | 0.42 | 6.5 | 0.02 | Jun 18, 2021 | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | ||
| CVE-2026-36226 | Med | 0.40 | 6.1 | 0.00 | May 22, 2026 | Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component | ||
| CVE-2021-32956 | Med | 0.40 | 6.1 | 0.01 | Jun 18, 2021 | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | ||
| CVE-2018-10591 | Med | 0.40 | 6.1 | 0.01 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been… | ||
| CVE-2018-5445 | Med | 0.35 | 5.3 | 0.02 | Jan 25, 2018 | A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | ||
| CVE-2018-5443 | Med | 0.35 | 5.3 | 0.01 | Jan 25, 2018 | A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. | ||
| CVE-2021-38431 | Med | 0.28 | 4.3 | 0.01 | Oct 15, 2021 | An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. |
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…
- risk 0.47cvss 7.2epss 0.01
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
- risk 0.47cvss 7.2epss 0.01
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead…
- risk 0.47cvss 7.2epss 0.01
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
- risk 0.42cvss 6.4epss 0.00
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
- risk 0.42cvss 6.5epss 0.02
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
- risk 0.40cvss 6.1epss 0.00
Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component
- risk 0.40cvss 6.1epss 0.01
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
- risk 0.40cvss 6.1epss 0.01
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been…
- risk 0.35cvss 5.3epss 0.02
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
- risk 0.35cvss 5.3epss 0.01
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
- risk 0.28cvss 4.3epss 0.01
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
Page 2 of 2