Filtered by vendor Advantech
Subscribe
Total
281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5445 | 1 Advantech | 1 Webaccess\/scada | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | |||||
| CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | |||||
| CVE-2018-17910 | 1 Advantech | 1 Webaccess | 2019-10-09 | 9.3 HIGH | 7.8 HIGH |
| WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. | |||||
| CVE-2018-14820 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.4 MEDIUM | 7.5 HIGH |
| Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | |||||
| CVE-2018-14806 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-14828 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | |||||
| CVE-2018-10589 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-10590 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible. | |||||
| CVE-2018-10591 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2019-10-09 | 2.6 LOW | 6.1 MEDIUM |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | |||||
| CVE-2017-7929 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.5 MEDIUM | 7.1 HIGH |
| An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | |||||
| CVE-2017-5175 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | |||||
| CVE-2017-16728 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. | |||||
| CVE-2017-16720 | 1 Advantech | 1 Webaccess | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. | |||||
| CVE-2017-16753 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | |||||
| CVE-2017-16736 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. | |||||
| CVE-2017-16732 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address. | |||||
| CVE-2017-16724 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. | |||||
| CVE-2017-12719 | 1 Advantech | 1 Webaccess | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | |||||
| CVE-2017-12711 | 1 Advantech | 1 Webaccess | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | |||||
| CVE-2017-12717 | 1 Advantech | 1 Webaccess | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. | |||||