Advantech

All CVEs

325 total · sorted by risk
  • CVE-2016-0854 · Cri · Jan 15, 2016
    risk 0.73 · cvss 9.8 · epss 0.77

    Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors.

  • CVE-2018-6911 · Cri · Feb 13, 2018
    risk 0.68 · cvss 9.8 · epss 0.13

    The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).

  • CVE-2016-0857 · Cri · Jan 15, 2016
    risk 0.66 · cvss 9.8 · epss 0.28

    Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-0856 · Cri · Jan 15, 2016
    risk 0.65 · cvss 9.8 · epss 0.17

    Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2025-34256 · Cri · Dec 5, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email…

  • CVE-2018-8845 · Cri · May 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.06

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been…

  • CVE-2018-7505 · Cri · May 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the…

  • CVE-2018-7499 · Cri · May 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities…

  • CVE-2018-7497 · Cri · May 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities…

  • CVE-2018-10589 · Cri · May 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified,…

  • CVE-2017-16724 · Cri · Jan 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.

  • CVE-2017-12708 · Cri · Aug 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which…

  • CVE-2017-12706 · Cri · Aug 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based…

  • CVE-2017-12698 · Cri · Aug 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.

  • CVE-2017-5154 · Cri · Feb 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files.

  • CVE-2016-2275 · Cri · Feb 21, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript…

  • CVE-2016-0859 · Cri · Jan 15, 2016
    risk 0.64 · cvss 9.8 · epss 0.08

    Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.

  • CVE-2015-7938 · Cri · Jan 9, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors.

  • CVE-2017-5152 · Cri · Feb 13, 2017
    risk 0.59 · cvss 9.1 · epss 0.04

    An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).

  • CVE-2017-12704 · Hig · Aug 30, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based…

  • CVE-2017-12702 · Hig · Aug 30, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.

  • CVE-2015-3946 · Hig · Jan 15, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2026-35227 · Hig · May 12, 2026
    risk 0.53 · cvss · epss 0.00

    An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.

  • CVE-2016-0858 · Hig · Jan 15, 2016
    risk 0.53 · cvss 8.1 · epss 0.05

    Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request.

  • CVE-2015-6467 · Hig · Jan 15, 2016
    risk 0.53 · cvss 8.1 · epss 0.04

    Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.

  • CVE-2015-3947 · Hig · Jan 15, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-9349 · Hig · Feb 13, 2017
    risk 0.52 · cvss 7.5 · epss 0.08

    An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.

  • CVE-2025-14252 · Hig · Dec 16, 2025
    risk 0.51 · cvss 7.8 · epss 0.00

    An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI:…

  • CVE-2018-8841 · Hig · May 15, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may…

  • CVE-2017-5175 · Hig · May 9, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.

  • CVE-2018-8837 · Hig · Apr 25, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.

  • CVE-2018-8835 · Hig · Apr 25, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

  • CVE-2018-8833 · Hig · Apr 25, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

  • CVE-2017-12705 · Hig · Oct 25, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code.

  • CVE-2017-12717 · Hig · Aug 30, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.

  • CVE-2017-12713 · Hig · Aug 30, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.

  • CVE-2017-12711 · Hig · Aug 30, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.

  • CVE-2016-9353 · Hig · Feb 13, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.

  • CVE-2025-13373 · Hig · Dec 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    Advantech iView versions 5.7.05.7057 and prior do not properly sanitize SNMP v1 trap (Port 162) requests, which could allow an attacker to inject SQL commands.

  • CVE-2018-7503 · Hig · May 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path traversal vulnerability has been identified,…

  • CVE-2018-7501 · Hig · May 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been…

  • CVE-2018-7495 · Hig · May 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability…

  • CVE-2018-10590 · Hig · May 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory…

  • CVE-2017-16736 · Hig · Jan 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.

  • CVE-2017-16753 · Hig · Jan 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.

  • CVE-2017-16728 · Hig · Jan 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

  • CVE-2017-12719 · Hig · Nov 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.

  • CVE-2017-12710 · Hig · Aug 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.

  • CVE-2016-9351 · Hig · Feb 13, 2017
    risk 0.49 · cvss 7.0 · epss 0.04

    An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.

  • CVE-2016-0860 · Hig · Jan 15, 2016
    risk 0.49 · cvss 7.5 · epss 0.05

    Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.

Page 1 of 7