Webaccess
by Advantech
CVEs (164)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6467 | Hig | 0.53 | 8.1 | 0.04 | Jan 15, 2016 | Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. | ||
| CVE-2015-3947 | Hig | 0.53 | 8.1 | 0.02 | Jan 15, 2016 | SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2018-8841 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may… | ||
| CVE-2017-5175 | Hig | 0.51 | 7.8 | 0.02 | May 9, 2018 | Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | ||
| CVE-2017-12717 | Hig | 0.51 | 7.8 | 0.02 | Aug 30, 2017 | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. | ||
| CVE-2017-12713 | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2017 | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | ||
| CVE-2017-12711 | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2017 | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | ||
| CVE-2018-7503 | Hig | 0.49 | 7.5 | 0.03 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,… | ||
| CVE-2018-7501 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been… | ||
| CVE-2018-7495 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability… | ||
| CVE-2018-10590 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory… | ||
| CVE-2017-16736 | Hig | 0.49 | 7.5 | 0.02 | Jan 12, 2018 | An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. | ||
| CVE-2017-16753 | Hig | 0.49 | 7.5 | 0.02 | Jan 5, 2018 | An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | ||
| CVE-2017-16728 | Hig | 0.49 | 7.5 | 0.02 | Jan 5, 2018 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. | ||
| CVE-2017-12719 | Hig | 0.49 | 7.5 | 0.03 | Nov 6, 2017 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | ||
| CVE-2017-12710 | Hig | 0.49 | 7.5 | 0.02 | Aug 30, 2017 | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | ||
| CVE-2016-0860 | Hig | 0.49 | 7.5 | 0.05 | Jan 15, 2016 | Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. | ||
| CVE-2016-0855 | Hig | 0.49 | 7.5 | 0.05 | Jan 15, 2016 | Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. | ||
| CVE-2016-0853 | Hig | 0.49 | 7.5 | 0.02 | Jan 15, 2016 | Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. | ||
| CVE-2016-0852 | Hig | 0.49 | 7.5 | 0.02 | Jan 15, 2016 | Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. |
- risk 0.53cvss 8.1epss 0.04
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
- risk 0.53cvss 8.1epss 0.02
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may…
- risk 0.51cvss 7.8epss 0.02
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
- risk 0.51cvss 7.8epss 0.02
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.
- risk 0.51cvss 7.8epss 0.00
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.
- risk 0.51cvss 7.8epss 0.00
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.
- risk 0.49cvss 7.5epss 0.03
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…
- risk 0.49cvss 7.5epss 0.02
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
- risk 0.49cvss 7.5epss 0.02
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
- risk 0.49cvss 7.5epss 0.02
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
- risk 0.49cvss 7.5epss 0.03
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
- risk 0.49cvss 7.5epss 0.02
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
- risk 0.49cvss 7.5epss 0.05
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
- risk 0.49cvss 7.5epss 0.05
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors.
- risk 0.49cvss 7.5epss 0.02
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.
- risk 0.49cvss 7.5epss 0.02
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors.
Page 2 of 9