Advantech Webaccess
By the Year
In 2024 there have been 0 vulnerabilities in Advantech Webaccess . Last year Webaccess had 2 security vulnerabilities published. Right now, Webaccess is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 2 | 7.65 |
2022 | 0 | 0.00 |
2021 | 4 | 8.88 |
2020 | 12 | 8.67 |
2019 | 19 | 9.24 |
2018 | 23 | 8.11 |
It may take a day or so for new Webaccess vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Advantech Webaccess Security Vulnerabilities
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability
CVE-2023-4215
7.5 - High
- October 17, 2023
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5
CVE-2023-2866
7.8 - High
- June 07, 2023
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
Insufficient Verification of Data Authenticity
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may
CVE-2021-33023
9.8 - Critical
- October 18, 2021
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
Memory Corruption
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may
CVE-2021-38389
9.8 - Critical
- October 18, 2021
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
Memory Corruption
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may
CVE-2021-38408
9.8 - Critical
- September 09, 2021
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
Stack Overflow
Advantech WebAccess 8.4.2 and 8.4.4
CVE-2021-34540
6.1 - Medium
- June 11, 2021
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
XSS
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may
CVE-2020-16202
7.8 - High
- September 22, 2020
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
Incorrect Permission Assignment for Critical Resource
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may
CVE-2020-12019
9.8 - Critical
- June 15, 2020
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
Memory Corruption
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12022
9.8 - Critical
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
out-of-bounds array index
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-10638
9.8 - Critical
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
Memory Corruption
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12002
9.8 - Critical
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
Memory Corruption
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12006
9.8 - Critical
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the applications control.
Directory traversal
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12010
7.1 - High
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the applications control.
Directory traversal
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12014
7.5 - High
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.
SQL Injection
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12018
7.5 - High
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.
Out-of-bounds Read
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12026
8.8 - High
- May 08, 2020
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the applications control.
Directory traversal
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files
CVE-2019-3942
7.5 - High
- April 01, 2020
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.
Insufficiently Protected Credentials
In Advantech WebAccess, Versions 8.4.2 and prior
CVE-2020-10607
8.8 - High
- March 27, 2020
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
Memory Corruption
Advantech WebAccess before 8.4.3
CVE-2019-3951
9.8 - Critical
- December 12, 2019
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
Memory Corruption
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may
CVE-2019-13558
9.8 - Critical
- September 18, 2019
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
Code Injection
In WebAccess versions 8.4.1 and prior
CVE-2019-13556
8.8 - High
- September 18, 2019
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
Buffer Overflow
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may
CVE-2019-13550
9.8 - Critical
- September 18, 2019
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
AuthZ
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may
CVE-2019-13552
8.8 - High
- September 18, 2019
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
Command Injection
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1
CVE-2019-3975
9.8 - Critical
- September 10, 2019
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
Classic Buffer Overflow
In WebAccess/SCADA
CVE-2019-10991
9.8 - Critical
- June 28, 2019
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
Memory Corruption
In WebAccess/SCADA Versions 8.3.5 and prior
CVE-2019-10989
9.8 - Critical
- June 28, 2019
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991.
Memory Corruption
In WebAccess/SCADA Versions 8.3.5 and prior
CVE-2019-10987
8.8 - High
- June 28, 2019
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
Memory Corruption
In WebAccess/SCADA
CVE-2019-10985
9.1 - Critical
- June 28, 2019
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
Directory traversal
In WebAccess/SCADA Versions 8.3.5 and prior
CVE-2019-10983
7.5 - High
- June 28, 2019
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.
Out-of-bounds Read
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may
CVE-2019-10993
9.8 - Critical
- June 28, 2019
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
Buffer Overflow
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0
CVE-2019-3954
9.8 - Critical
- June 19, 2019
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call.
Memory Corruption
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0
CVE-2019-3953
9.8 - Critical
- June 18, 2019
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
Memory Corruption
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call
CVE-2019-3940
9.8 - Critical
- April 09, 2019
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
Unrestricted File Upload
Advantech WebAccess 8.3.4
CVE-2019-3941
7.5 - High
- April 09, 2019
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
Missing Authentication for Critical Function
Advantech WebAccess/SCADA, Versions 8.3.5 and prior
CVE-2019-6554
7.5 - High
- April 05, 2019
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
Authorization
Advantech WebAccess/SCADA, Versions 8.3.5 and prior
CVE-2019-6552
9.8 - Critical
- April 05, 2019
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
Command Injection
Advantech WebAccess/SCADA, Versions 8.3.5 and prior
CVE-2019-6550
9.8 - Critical
- April 05, 2019
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
Buffer Overflow
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page
CVE-2018-15707
5.4 - Medium
- October 31, 2018
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.
XSS
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2
CVE-2018-15706
6.5 - Medium
- October 31, 2018
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
Directory traversal
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2
CVE-2018-15705
6.5 - Medium
- October 31, 2018
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
Directory traversal
WebAccess Versions 8.3.2 and prior
CVE-2018-17908
7.8 - High
- October 29, 2018
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code.
Authorization
WebAccess Versions 8.3.2 and prior
CVE-2018-17910
7.8 - High
- October 29, 2018
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.
Buffer Overflow
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may
CVE-2018-14828
7.8 - High
- October 23, 2018
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
Improper Privilege Management
Advantech WebAccess 8.3.1 and earlier has a .dll component
CVE-2018-14820
7.5 - High
- October 23, 2018
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
Improper Input Validation
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities
CVE-2018-14816
9.8 - Critical
- October 23, 2018
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
Memory Corruption
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may
CVE-2018-14806
9.8 - Critical
- October 23, 2018
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
Directory traversal
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability
CVE-2018-15704
8.8 - High
- October 22, 2018
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.
Memory Corruption
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities
CVE-2018-15703
6.1 - Medium
- October 22, 2018
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser.
XSS
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may
CVE-2018-7495
7.5 - High
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
Directory traversal
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may
CVE-2018-7497
9.8 - Critical
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
NULL Pointer Dereference
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may
CVE-2018-7499
9.8 - Critical
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
Buffer Overflow
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may
CVE-2018-7501
7.5 - High
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
SQL Injection
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may
CVE-2018-7503
7.5 - High
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
Directory traversal
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may
CVE-2018-7505
9.8 - Critical
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
Unrestricted File Upload
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may
CVE-2018-8841
7.8 - High
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
Improper Privilege Management
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may
CVE-2018-8845
9.8 - Critical
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
Buffer Overflow
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may
CVE-2018-10589
9.8 - Critical
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
Directory traversal
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files
CVE-2018-10590
7.5 - High
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
Insertion of Sensitive Information into Externally-Accessible File or Directory
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may
CVE-2018-10591
6.1 - Medium
- May 15, 2018
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.
Session Fixation
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0
CVE-2018-6911
9.8 - Critical
- February 13, 2018
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Advantech Webaccess or by Advantech? Click the Watch button to subscribe.