Total
102 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | |||||
CVE-2019-13556 | 1 Advantech | 1 Webaccess | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
CVE-2019-3941 | 1 Advantech | 1 Webaccess | 2024-02-04 | 6.4 MEDIUM | 7.5 HIGH |
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | |||||
CVE-2019-10985 | 1 Advantech | 1 Webaccess | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | |||||
CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2024-02-04 | 9.0 HIGH | 9.8 CRITICAL |
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
CVE-2019-13552 | 1 Advantech | 1 Webaccess | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | |||||
CVE-2019-10989 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. | |||||
CVE-2019-10993 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | |||||
CVE-2019-3953 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | |||||
CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | |||||
CVE-2019-10983 | 1 Advantech | 1 Webaccess | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. | |||||
CVE-2019-3940 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. | |||||
CVE-2019-6550 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | |||||
CVE-2019-3975 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | |||||
CVE-2019-10987 | 1 Advantech | 1 Webaccess | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
CVE-2019-10991 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
CVE-2018-14828 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | |||||
CVE-2018-17910 | 1 Advantech | 1 Webaccess | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. | |||||
CVE-2018-17908 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | |||||
CVE-2018-15704 | 1 Advantech | 1 Webaccess | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. |