VYPR
Vendor

Webace

Products
6
CVEs
18
Across products
22
Status
Private

Products

6

Recent CVEs

18
  • CVE-2017-16720CriJan 5, 2018
    risk 0.71cvss 9.8epss 0.50

    A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.

  • CVE-2017-16716CriJan 5, 2018
    risk 0.67cvss 9.8epss 0.06

    A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.

  • CVE-2019-10993CriJun 28, 2019
    risk 0.65cvss 9.8epss 0.11

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.

  • CVE-2021-32943CriAug 10, 2021
    risk 0.64cvss 9.8epss 0.02

    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

  • CVE-2020-12019CriJun 15, 2020
    risk 0.64cvss 9.8epss 0.02

    WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2019-13558CriSep 18, 2019
    risk 0.64cvss 9.8epss 0.03

    In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.

  • CVE-2019-13550CriSep 18, 2019
    risk 0.64cvss 9.8epss 0.03

    In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.

  • CVE-2019-10991CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.09

    In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

  • CVE-2019-10989CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.09

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability…

  • CVE-2019-10985CriJun 28, 2019
    risk 0.59cvss 9.1epss 0.03

    In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.

  • CVE-2019-10987HigJun 28, 2019
    risk 0.58cvss 8.8epss 0.06

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

  • CVE-2020-25161HigFeb 23, 2021
    risk 0.57cvss 8.8epss 0.02

    The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.

  • CVE-2019-13556HigSep 18, 2019
    risk 0.57cvss 8.8epss 0.02

    In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

  • CVE-2019-13552HigSep 18, 2019
    risk 0.57cvss 8.8epss 0.03

    In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.

  • CVE-2020-16202HigSep 22, 2020
    risk 0.51cvss 7.8epss 0.00

    WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.

  • CVE-2019-10983HigJun 28, 2019
    risk 0.49cvss 7.5epss 0.02

    In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.

  • CVE-2021-22676MedAug 10, 2021
    risk 0.40cvss 6.1epss 0.01

    UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the…

  • CVE-2007-4846Sep 12, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.