Total
103 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3975 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | |||||
CVE-2019-13552 | 1 Advantech | 1 Webaccess | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | |||||
CVE-2019-3940 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. | |||||
CVE-2019-10983 | 1 Advantech | 1 Webaccess | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. | |||||
CVE-2019-13556 | 1 Advantech | 1 Webaccess | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
CVE-2019-6550 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | |||||
CVE-2019-10991 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
CVE-2019-10993 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | |||||
CVE-2019-3941 | 1 Advantech | 1 Webaccess | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | |||||
CVE-2019-10987 | 1 Advantech | 1 Webaccess | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
CVE-2019-10985 | 1 Advantech | 1 Webaccess | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | |||||
CVE-2019-3953 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | |||||
CVE-2019-3954 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. | |||||
CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | |||||
CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2024-02-28 | 9.0 HIGH | 9.8 CRITICAL |
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
CVE-2019-10989 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. | |||||
CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | |||||
CVE-2018-15705 | 1 Advantech | 1 Webaccess | 2024-02-28 | 8.5 HIGH | 6.5 MEDIUM |
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | |||||
CVE-2018-14816 | 1 Advantech | 1 Webaccess | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | |||||
CVE-2018-15707 | 1 Advantech | 1 Webaccess | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. |