Webaccess
by Advantech
CVEs (164)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-12010 | | | 0.00 | — | 0.01 | | May 8, 2020 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. |
| CVE-2020-12022 | | | 0.00 | — | 0.02 | | May 8, 2020 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. |
| CVE-2020-10619 | | | 0.00 | — | 0.14 | | Apr 9, 2020 | An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. |
| CVE-2020-10603 | | | 0.00 | — | 0.01 | | Apr 9, 2020 | WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. |
| CVE-2020-10631 | | | 0.00 | — | 0.01 | | Apr 9, 2020 | An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. |
| CVE-2020-10617 | | | 0.00 | — | 0.01 | | Apr 9, 2020 | There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. |
| CVE-2020-10621 | | | 0.00 | — | 0.02 | | Apr 9, 2020 | Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). |
| CVE-2019-3942 | | | 0.00 | — | 0.01 | | Apr 1, 2020 | Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. |
| CVE-2020-10607 | | | 0.00 | — | 0.02 | | Mar 27, 2020 | In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. |
| CVE-2019-13552 | | | 0.00 | — | 0.03 | | Sep 18, 2019 | In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. |
| CVE-2019-13550 | | | 0.00 | — | 0.03 | | Sep 18, 2019 | In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. |
| CVE-2019-3941 | | | 0.00 | — | 0.02 | | Apr 9, 2019 | Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. |
| CVE-2019-3940 | | | 0.00 | — | 0.04 | | Apr 9, 2019 | Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. |
| CVE-2019-6554 | | | 0.00 | — | 0.02 | | Apr 5, 2019 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. |
| CVE-2019-6550 | | | 0.00 | — | 0.06 | | Apr 5, 2019 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. |
| CVE-2019-6552 | | | 0.00 | — | 0.03 | | Apr 5, 2019 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. |
| CVE-2018-15706 | | | 0.00 | — | 0.32 | | Oct 31, 2018 | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. |
| CVE-2018-17910 | | | 0.00 | — | 0.05 | | Oct 29, 2018 | WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. |
| CVE-2018-17908 | | | 0.00 | — | 0.00 | | Oct 29, 2018 | WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. |
| CVE-2018-14828 | | | 0.00 | — | 0.00 | | Oct 23, 2018 | Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. |