VYPR

Webaccess

by Advantech

CVEs (164)

  • CVE-2016-0851 | High | Jan 15, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.

  • CVE-2017-7929 | High | May 6, 2017
    risk 0.46 | cvss 7.1 | epss 0.02

    An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.

  • CVE-2017-14016 | Medium | Nov 6, 2017
    risk 0.45 | cvss 6.3 | epss 0.16

    A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary…

  • CVE-2016-4525 | Medium | Jun 25, 2016
    risk 0.43 | cvss 6.6 | epss 0.00

    Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.

  • CVE-2024-2453 | Medium | Mar 21, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.

  • CVE-2017-16732 | Medium | Jan 12, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.

  • CVE-2018-10591 | Medium | May 15, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been…

  • CVE-2016-5810 | Medium | May 2, 2017
    risk 0.36 | cvss 4.9 | epss 0.15

    upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.

  • CVE-2015-3948 | Medium | Jan 15, 2016
    risk 0.35 | cvss 5.4 | epss 0.01

    Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-3943 | Medium | Jan 15, 2016
    risk 0.35 | cvss 5.3 | epss 0.02

    Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.

  • CVE-2016-4528 | Medium | Jun 25, 2016
    risk 0.33 | cvss 5.0 | epss 0.01

    Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.

  • CVE-2014-2364 | Jul 19, 2014
    risk 0.08 | cvss - | epss 0.61

    Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9)…

  • CVE-2014-0763 | Apr 12, 2014
    risk 0.05 | cvss - | epss 0.19

    An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in…

  • CVE-2018-15705 | Oct 31, 2018
    risk 0.04 | cvss - | epss 0.12

    WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary…

  • CVE-2014-9208 | Sep 11, 2015
    risk 0.04 | cvss - | epss 0.09

    Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2012-0242 | Feb 21, 2012
    risk 0.04 | cvss - | epss 0.07

    Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.

  • CVE-2011-4041 | Feb 6, 2012
    risk 0.04 | cvss - | epss 0.18

    webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.

  • CVE-2020-12002 | May 8, 2020
    risk 0.03 | cvss - | epss 0.09

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

  • CVE-2018-15707 | Oct 31, 2018
    risk 0.03 | cvss - | epss 0.02

    Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.

  • CVE-2013-2299 | Aug 22, 2013
    risk 0.03 | cvss - | epss 0.01

    Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Page 3 of 9