VYPR

Vendor CVEs

Advantech

All CVEs

325 total · sorted by risk
  • CVE-2014-0768Apr 12, 2014
    risk 0.00cvss epss 0.03

    An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.

  • CVE-2014-0767Apr 12, 2014
    risk 0.00cvss epss 0.03

    An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely.

  • CVE-2014-0766Apr 12, 2014
    risk 0.00cvss epss 0.03

    An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code.

  • CVE-2014-0765Apr 12, 2014
    risk 0.00cvss epss 0.03

    To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.

  • CVE-2014-0764Apr 12, 2014
    risk 0.00cvss epss 0.03

    By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.

  • CVE-2012-1235Feb 21, 2012
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.

  • CVE-2012-1234Feb 21, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.

  • CVE-2012-0244Feb 21, 2012
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.

  • CVE-2012-0243Feb 21, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.

  • CVE-2012-0240Feb 21, 2012
    risk 0.00cvss epss 0.04

    GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-0239Feb 21, 2012
    risk 0.00cvss epss 0.01

    uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.

  • CVE-2012-0238Feb 21, 2012
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-0237Feb 21, 2012
    risk 0.00cvss epss 0.01

    Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.

  • CVE-2012-0236Feb 21, 2012
    risk 0.00cvss epss 0.01

    Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."

  • CVE-2012-0235Feb 21, 2012
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2012-0234Feb 21, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.

  • CVE-2012-0233Feb 21, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.

  • CVE-2011-4526Feb 21, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.

  • CVE-2011-4525Feb 21, 2012
    risk 0.00cvss epss 0.02

    Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.

  • CVE-2011-4524Feb 21, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.

  • CVE-2011-4523Feb 21, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2011-4522Feb 21, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2011-4521Feb 21, 2012
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.

  • CVE-2011-1914Feb 21, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified…

  • CVE-2008-5848Jan 6, 2009
    risk 0.00cvss epss 0.03

    The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.

Page 7 of 7