Advantech

All CVEs

325 total · sorted by risk
  • CVE-2019-3942 · Apr 1, 2020
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.

  • CVE-2020-10607 · Mar 27, 2020
    risk 0.00 · cvss · epss 0.02

    In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

  • CVE-2019-18257 · Dec 17, 2019
    risk 0.00 · cvss · epss 0.03

    In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the…

  • CVE-2019-18229 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.02

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.

  • CVE-2019-18227 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.03

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.

  • CVE-2019-13547 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.03

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.

  • CVE-2019-13551 · Oct 31, 2019
    risk 0.00 · cvss · epss 0.05

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an…

  • CVE-2019-16899 · Sep 26, 2019
    risk 0.00 · cvss · epss 0.01

    In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.

  • CVE-2019-16900 · Sep 26, 2019
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.

  • CVE-2019-16901 · Sep 26, 2019
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.

  • CVE-2019-13552 · Sep 18, 2019
    risk 0.00 · cvss · epss 0.03

    In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.

  • CVE-2019-13550 · Sep 18, 2019
    risk 0.00 · cvss · epss 0.03

    In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.

  • CVE-2019-10961 · Aug 2, 2019
    risk 0.00 · cvss · epss 0.04

    In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.

  • CVE-2019-10985 · Jun 28, 2019
    risk 0.00 · cvss · epss 0.03

    In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.

  • CVE-2019-3954 · Jun 18, 2019
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.

  • CVE-2019-3953 · Jun 18, 2019
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.

  • CVE-2019-3941 · Apr 9, 2019
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.

  • CVE-2019-3940 · Apr 9, 2019
    risk 0.00 · cvss · epss 0.04

    Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.

  • CVE-2019-6554 · Apr 5, 2019
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.

  • CVE-2019-6550 · Apr 5, 2019
    risk 0.00 · cvss · epss 0.06

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.

  • CVE-2019-6552 · Apr 5, 2019
    risk 0.00 · cvss · epss 0.03

    Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.

  • CVE-2019-6519 · Feb 5, 2019
    risk 0.00 · cvss · epss 0.03

    WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.

  • CVE-2018-18999 · Dec 19, 2018
    risk 0.00 · cvss · epss 0.02

    WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.

  • CVE-2018-15706 · Oct 31, 2018
    risk 0.00 · cvss · epss 0.32

    WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.

  • CVE-2018-17910 · Oct 29, 2018
    risk 0.00 · cvss · epss 0.05

    WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.

  • CVE-2018-17908 · Oct 29, 2018
    risk 0.00 · cvss · epss 0.00

    WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.

  • CVE-2018-14828 · Oct 23, 2018
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.

  • CVE-2018-14816 · Oct 23, 2018
    risk 0.00 · cvss · epss 0.04

    Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.

  • CVE-2018-14820 · Oct 23, 2018
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.

  • CVE-2018-15703 · Oct 22, 2018
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is…

  • CVE-2015-6476 · Nov 7, 2015
    risk 0.00 · cvss · epss 0.02

    Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.

  • CVE-2014-9202 · Sep 28, 2015
    risk 0.00 · cvss · epss 0.01

    Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.

  • CVE-2014-8385 · Feb 13, 2015
    risk 0.00 · cvss · epss 0.04

    Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2014-8388 · Nov 21, 2014
    risk 0.00 · cvss · epss 0.01

    Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document.

  • CVE-2014-0992 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.

  • CVE-2014-0991 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.

  • CVE-2014-0990 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter.

  • CVE-2014-0989 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

  • CVE-2014-0988 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

  • CVE-2014-0987 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

  • CVE-2014-0986 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

  • CVE-2014-0985 · Sep 20, 2014
    risk 0.00 · cvss · epss 0.03

    Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

  • CVE-2014-2368 · Jul 19, 2014
    risk 0.00 · cvss · epss 0.02

    The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

  • CVE-2014-2367 · Jul 19, 2014
    risk 0.00 · cvss · epss 0.02

    The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

  • CVE-2014-2366 · Jul 19, 2014
    risk 0.00 · cvss · epss 0.01

    upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.

  • CVE-2014-2365 · Jul 19, 2014
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.

  • CVE-2014-0773 · Apr 12, 2014
    risk 0.00 · cvss · epss 0.03

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The…

  • CVE-2014-0772 · Apr 12, 2014
    risk 0.00 · cvss · epss 0.01

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not…

  • CVE-2014-0771 · Apr 12, 2014
    risk 0.00 · cvss · epss 0.01

    The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not …

  • CVE-2014-0770 · Apr 12, 2014
    risk 0.00 · cvss · epss 0.03

    By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.
