VYPR

Webaccess

by Advantech

CVEs (164)

  • CVE-2015-6467HigJan 15, 2016
    risk 0.53cvss 8.1epss 0.04

    Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.

  • CVE-2015-3947HigJan 15, 2016
    risk 0.53cvss 8.1epss 0.02

    SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2018-8841HigMay 15, 2018
    risk 0.51cvss 7.8epss 0.00

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may…

  • CVE-2017-5175HigMay 9, 2018
    risk 0.51cvss 7.8epss 0.02

    Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.

  • CVE-2017-12717HigAug 30, 2017
    risk 0.51cvss 7.8epss 0.02

    An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.

  • CVE-2017-12713HigAug 30, 2017
    risk 0.51cvss 7.8epss 0.00

    An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.

  • CVE-2017-12711HigAug 30, 2017
    risk 0.51cvss 7.8epss 0.00

    An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.

  • CVE-2018-7503HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…

  • CVE-2018-7501HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been…

  • CVE-2018-7495HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…

  • CVE-2018-10590HigMay 15, 2018
    risk 0.49cvss 7.5epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…

  • CVE-2017-16736HigJan 12, 2018
    risk 0.49cvss 7.5epss 0.02

    An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.

  • CVE-2017-16753HigJan 5, 2018
    risk 0.49cvss 7.5epss 0.02

    An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.

  • CVE-2017-16728HigJan 5, 2018
    risk 0.49cvss 7.5epss 0.02

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

  • CVE-2017-12719HigNov 6, 2017
    risk 0.49cvss 7.5epss 0.03

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.

  • CVE-2017-12710HigAug 30, 2017
    risk 0.49cvss 7.5epss 0.02

    A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.

  • CVE-2016-0860HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.05

    Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.

  • CVE-2016-0855HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.05

    Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.

  • CVE-2016-0853HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.02

    Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.

  • CVE-2016-0852HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.02

    Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors.

Page 2 of 9