Total
20 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13554 | 1 Advantech | 1 Webaccess\/scada | 2022-09-29 | 7.2 HIGH | 7.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2022-07-02 | 6.8 MEDIUM | 6.5 MEDIUM |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | |||||
CVE-2020-13552 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2020-13553 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2020-13551 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2020-13550 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 4.0 MEDIUM | 7.7 HIGH |
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2020-13555 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2021-22674 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 4.0 MEDIUM | 6.5 MEDIUM |
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-22676 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 4.3 MEDIUM | 6.1 MEDIUM |
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-32943 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-32956 | 1 Advantech | 1 Webaccess\/scada | 2021-06-24 | 5.8 MEDIUM | 6.1 MEDIUM |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | |||||
CVE-2021-22669 | 1 Advantech | 1 Webaccess\/scada | 2021-05-07 | 9.0 HIGH | 8.8 HIGH |
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | |||||
CVE-2021-27436 | 1 Advantech | 1 Webaccess\/scada | 2021-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | |||||
CVE-2020-25161 | 1 Advantech | 1 Webaccess\/scada | 2021-02-26 | 6.5 MEDIUM | 8.8 HIGH |
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | |||||
CVE-2018-18999 | 2 Advantech, Microsoft | 2 Webaccess\/scada, Windows Server 2008 | 2020-09-18 | 7.5 HIGH | 7.3 HIGH |
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. | |||||
CVE-2018-5443 | 1 Advantech | 1 Webaccess\/scada | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. | |||||
CVE-2018-5445 | 1 Advantech | 1 Webaccess\/scada | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. | |||||
CVE-2019-6519 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | |||||
CVE-2019-6521 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 8.6 HIGH |
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | |||||
CVE-2019-6523 | 1 Advantech | 1 Webaccess\/scada | 2019-02-06 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. |