VYPR

WebAccss/SCADA

by Advantech

CVEs (33)

  • CVE-2018-7495HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…

  • CVE-2018-10590HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…

  • CVE-2023-32628HigJun 6, 2023
    risk 0.47cvss 7.2epss 0.01

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.

  • CVE-2023-32540HigJun 6, 2023
    risk 0.47cvss 7.2epss 0.01

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead…

  • CVE-2023-22450HigJun 6, 2023
    risk 0.47cvss 7.2epss 0.01

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.

  • CVE-2024-2453MedMar 21, 2024
    risk 0.42cvss 6.4epss 0.00

    There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.

  • CVE-2021-32954MedJun 18, 2021
    risk 0.42cvss 6.5epss 0.02

    Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

  • CVE-2026-36226MedMay 22, 2026
    risk 0.40cvss 6.1epss 0.00

    Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component

  • CVE-2021-32956MedJun 18, 2021
    risk 0.40cvss 6.1epss 0.01

    Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.

  • CVE-2018-10591MedMay 15, 2018
    risk 0.40cvss 6.1epss 0.01

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been…

  • CVE-2018-5445MedJan 25, 2018
    risk 0.35cvss 5.3epss 0.02

    A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.

  • CVE-2018-5443MedJan 25, 2018
    risk 0.35cvss 5.3epss 0.01

    A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

  • CVE-2021-38431MedOct 15, 2021
    risk 0.28cvss 4.3epss 0.01

    An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

Page 2 of 2