Filtered by vendor Advantech
Subscribe
Total
294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13550 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 4.0 MEDIUM | 7.7 HIGH |
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | |||||
CVE-2020-16215 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
CVE-2020-14499 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. | |||||
CVE-2020-10625 | 1 Advantech | 1 Webaccess\/nms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | |||||
CVE-2020-16229 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
CVE-2020-10603 | 1 Advantech | 1 Webaccess\/nms | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | |||||
CVE-2020-12019 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-12014 | 1 Advantech | 1 Webaccess | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. | |||||
CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
CVE-2020-12006 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | |||||
CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | |||||
CVE-2020-14507 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | |||||
CVE-2020-14503 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-10629 | 1 Advantech | 1 Webaccess\/nms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. | |||||
CVE-2020-16211 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||||
CVE-2020-14505 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. | |||||
CVE-2020-10631 | 1 Advantech | 1 Webaccess\/nms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | |||||
CVE-2020-10619 | 1 Advantech | 1 Webaccess\/nms | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | |||||
CVE-2020-12010 | 1 Advantech | 1 Webaccess | 2024-02-04 | 5.8 MEDIUM | 7.1 HIGH |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. |