VYPR
Vendor

Advantech

Products
55
CVEs
325
Across products
366
Status
Private

Products

55
View all 55 products →

Recent CVEs

325
View all 325 CVEs →
  • CVE-2016-0854CriJan 15, 2016
    risk 0.73cvss 9.8epss 0.77

    Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.

  • CVE-2018-6911CriFeb 13, 2018
    risk 0.68cvss 9.8epss 0.13

    The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).

  • CVE-2016-0857CriJan 15, 2016
    risk 0.66cvss 9.8epss 0.28

    Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-0856CriJan 15, 2016
    risk 0.65cvss 9.8epss 0.17

    Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2025-34256CriDec 5, 2025
    risk 0.64cvss 9.8epss 0.01

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email…

  • CVE-2018-8845CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.06

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been…

  • CVE-2018-7505CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the…

  • CVE-2018-7499CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities…

  • CVE-2018-7497CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities…

  • CVE-2018-10589CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…

  • CVE-2017-16724CriJan 5, 2018
    risk 0.64cvss 9.8epss 0.03

    A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.

  • CVE-2017-12708CriAug 30, 2017
    risk 0.64cvss 9.8epss 0.03

    An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which…

  • CVE-2017-12706CriAug 30, 2017
    risk 0.64cvss 9.8epss 0.03

    A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based…

  • CVE-2017-12698CriAug 30, 2017
    risk 0.64cvss 9.8epss 0.05

    An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.

  • CVE-2017-5154CriFeb 13, 2017
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.

  • CVE-2016-2275CriFeb 21, 2016
    risk 0.64cvss 9.8epss 0.03

    The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript…

  • CVE-2016-0859CriJan 15, 2016
    risk 0.64cvss 9.8epss 0.08

    Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.

  • CVE-2015-7938CriJan 9, 2016
    risk 0.64cvss 9.8epss 0.04

    Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.

  • CVE-2017-5152CriFeb 13, 2017
    risk 0.59cvss 9.1epss 0.04

    An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).

  • CVE-2017-12704HigAug 30, 2017
    risk 0.57cvss 8.8epss 0.03

    A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based…