Vendor CVEs
Advantech
All CVEs
325 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0854 | Cri | 0.73 | 9.8 | 0.77 | Jan 15, 2016 | Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors. | ||
| CVE-2018-6911 | Cri | 0.68 | 9.8 | 0.13 | Feb 13, 2018 | The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). | ||
| CVE-2016-0857 | Cri | 0.66 | 9.8 | 0.28 | Jan 15, 2016 | Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2016-0856 | Cri | 0.65 | 9.8 | 0.17 | Jan 15, 2016 | Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2025-34256 | Cri | 0.64 | 9.8 | 0.01 | Dec 5, 2025 | Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email… | ||
| CVE-2018-8845 | Cri | 0.64 | 9.8 | 0.06 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been… | ||
| CVE-2018-7505 | Cri | 0.64 | 9.8 | 0.03 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the… | ||
| CVE-2018-7499 | Cri | 0.64 | 9.8 | 0.04 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities… | ||
| CVE-2018-7497 | Cri | 0.64 | 9.8 | 0.03 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities… | ||
| CVE-2018-10589 | Cri | 0.64 | 9.8 | 0.04 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,… | ||
| CVE-2017-16724 | Cri | 0.64 | 9.8 | 0.03 | Jan 5, 2018 | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. | ||
| CVE-2017-12708 | Cri | 0.64 | 9.8 | 0.03 | Aug 30, 2017 | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which… | ||
| CVE-2017-12706 | Cri | 0.64 | 9.8 | 0.03 | Aug 30, 2017 | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based… | ||
| CVE-2017-12698 | Cri | 0.64 | 9.8 | 0.05 | Aug 30, 2017 | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | ||
| CVE-2017-5154 | Cri | 0.64 | 9.8 | 0.04 | Feb 13, 2017 | An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. | ||
| CVE-2016-2275 | Cri | 0.64 | 9.8 | 0.03 | Feb 21, 2016 | The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript… | ||
| CVE-2016-0859 | Cri | 0.64 | 9.8 | 0.08 | Jan 15, 2016 | Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request. | ||
| CVE-2015-7938 | Cri | 0.64 | 9.8 | 0.04 | Jan 9, 2016 | Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | ||
| CVE-2017-5152 | Cri | 0.59 | 9.1 | 0.04 | Feb 13, 2017 | An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). | ||
| CVE-2017-12704 | Hig | 0.57 | 8.8 | 0.03 | Aug 30, 2017 | A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based… | ||
| CVE-2017-12702 | Hig | 0.57 | 8.8 | 0.02 | Aug 30, 2017 | An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. | ||
| CVE-2015-3946 | Hig | 0.57 | 8.8 | 0.01 | Jan 15, 2016 | Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||
| CVE-2026-35227 | Hig | 0.53 | — | 0.00 | May 12, 2026 | An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections. | ||
| CVE-2016-0858 | Hig | 0.53 | 8.1 | 0.05 | Jan 15, 2016 | Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. | ||
| CVE-2015-6467 | Hig | 0.53 | 8.1 | 0.04 | Jan 15, 2016 | Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. | ||
| CVE-2015-3947 | Hig | 0.53 | 8.1 | 0.02 | Jan 15, 2016 | SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2016-9349 | Hig | 0.52 | 7.5 | 0.08 | Feb 13, 2017 | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. | ||
| CVE-2025-14252 | Hig | 0.51 | 7.8 | 0.00 | Dec 16, 2025 | An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI:… | ||
| CVE-2018-8841 | Hig | 0.51 | 7.8 | 0.00 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may… | ||
| CVE-2017-5175 | Hig | 0.51 | 7.8 | 0.02 | May 9, 2018 | Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | ||
| CVE-2018-8837 | Hig | 0.51 | 7.8 | 0.02 | Apr 25, 2018 | Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. | ||
| CVE-2018-8835 | Hig | 0.51 | 7.8 | 0.02 | Apr 25, 2018 | Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||
| CVE-2018-8833 | Hig | 0.51 | 7.8 | 0.02 | Apr 25, 2018 | Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||
| CVE-2017-12705 | Hig | 0.51 | 7.8 | 0.00 | Oct 25, 2017 | A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. | ||
| CVE-2017-12717 | Hig | 0.51 | 7.8 | 0.02 | Aug 30, 2017 | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. | ||
| CVE-2017-12713 | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2017 | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | ||
| CVE-2017-12711 | Hig | 0.51 | 7.8 | 0.00 | Aug 30, 2017 | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | ||
| CVE-2016-9353 | Hig | 0.51 | 7.8 | 0.00 | Feb 13, 2017 | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use. | ||
| CVE-2025-13373 | Hig | 0.49 | 7.5 | 0.00 | Dec 4, 2025 | Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands. | ||
| CVE-2018-7503 | Hig | 0.49 | 7.5 | 0.03 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,… | ||
| CVE-2018-7501 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been… | ||
| CVE-2018-7495 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability… | ||
| CVE-2018-10590 | Hig | 0.49 | 7.5 | 0.02 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory… | ||
| CVE-2017-16736 | Hig | 0.49 | 7.5 | 0.02 | Jan 12, 2018 | An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. | ||
| CVE-2017-16753 | Hig | 0.49 | 7.5 | 0.02 | Jan 5, 2018 | An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | ||
| CVE-2017-16728 | Hig | 0.49 | 7.5 | 0.02 | Jan 5, 2018 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. | ||
| CVE-2017-12719 | Hig | 0.49 | 7.5 | 0.03 | Nov 6, 2017 | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | ||
| CVE-2017-12710 | Hig | 0.49 | 7.5 | 0.02 | Aug 30, 2017 | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | ||
| CVE-2016-9351 | Hig | 0.49 | 7.0 | 0.04 | Feb 13, 2017 | An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file. | ||
| CVE-2016-0860 | Hig | 0.49 | 7.5 | 0.05 | Jan 15, 2016 | Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. |
- risk 0.73cvss 9.8epss 0.77
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.
- risk 0.68cvss 9.8epss 0.13
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
- risk 0.66cvss 9.8epss 0.28
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.65cvss 9.8epss 0.17
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.64cvss 9.8epss 0.01
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email…
- risk 0.64cvss 9.8epss 0.06
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been…
- risk 0.64cvss 9.8epss 0.03
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the…
- risk 0.64cvss 9.8epss 0.04
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities…
- risk 0.64cvss 9.8epss 0.03
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities…
- risk 0.64cvss 9.8epss 0.04
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…
- risk 0.64cvss 9.8epss 0.03
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.
- risk 0.64cvss 9.8epss 0.03
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which…
- risk 0.64cvss 9.8epss 0.03
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based…
- risk 0.64cvss 9.8epss 0.05
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.
- risk 0.64cvss 9.8epss 0.03
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript…
- risk 0.64cvss 9.8epss 0.08
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
- risk 0.64cvss 9.8epss 0.04
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.
- risk 0.59cvss 9.1epss 0.04
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).
- risk 0.57cvss 8.8epss 0.03
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based…
- risk 0.57cvss 8.8epss 0.02
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- risk 0.53cvss —epss 0.00
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
- risk 0.53cvss 8.1epss 0.05
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.
- risk 0.53cvss 8.1epss 0.04
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
- risk 0.53cvss 8.1epss 0.02
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- risk 0.52cvss 7.5epss 0.08
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.
- risk 0.51cvss 7.8epss 0.00
An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI:…
- risk 0.51cvss 7.8epss 0.00
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may…
- risk 0.51cvss 7.8epss 0.02
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
- risk 0.51cvss 7.8epss 0.02
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
- risk 0.51cvss 7.8epss 0.02
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
- risk 0.51cvss 7.8epss 0.00
A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.02
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.
- risk 0.51cvss 7.8epss 0.00
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.
- risk 0.51cvss 7.8epss 0.00
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.
- risk 0.49cvss 7.5epss 0.00
Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.
- risk 0.49cvss 7.5epss 0.03
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified,…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…
- risk 0.49cvss 7.5epss 0.02
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…
- risk 0.49cvss 7.5epss 0.02
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
- risk 0.49cvss 7.5epss 0.02
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
- risk 0.49cvss 7.5epss 0.02
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
- risk 0.49cvss 7.5epss 0.03
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
- risk 0.49cvss 7.5epss 0.02
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
- risk 0.49cvss 7.0epss 0.04
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
- risk 0.49cvss 7.5epss 0.05
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
Page 1 of 7