Advantech Webaccessscada
By the Year
In 2024 there have been 0 vulnerabilities in Advantech Webaccessscada . Last year Webaccessscada had 4 security vulnerabilities published. Right now, Webaccessscada is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 4 | 9.15 |
| 2022 | 0 | 0.00 |
| 2021 | 14 | 7.81 |
| 2020 | 0 | 0.00 |
| 2019 | 3 | 9.40 |
| 2018 | 2 | 5.30 |
It may take a day or so for new Webaccessscada vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Advantech Webaccessscada Security Vulnerabilities
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers
CVE-2023-1437
9.8 - Critical
- August 02, 2023
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
Untrusted Pointer Dereference
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability
CVE-2023-22450
7.2 - High
- June 06, 2023
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
Unrestricted File Upload
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could
CVE-2023-32540
9.8 - Critical
- June 06, 2023
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
Code Injection
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability
CVE-2023-32628
9.8 - Critical
- June 06, 2023
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
Unrestricted File Upload
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could
CVE-2021-22676
6.1 - Medium
- August 10, 2021
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
XSS
The affected product is vulnerable to a stack-based buffer overflow, which may
CVE-2021-32943
9.8 - Critical
- August 10, 2021
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
Memory Corruption
The affected product is vulnerable to a relative path traversal condition, which may
CVE-2021-22674
6.5 - Medium
- August 10, 2021
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
Directory traversal
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL
CVE-2021-32956
6.1 - Medium
- June 18, 2021
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
Open Redirect
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may
CVE-2021-32954
6.5 - Medium
- June 18, 2021
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
Directory traversal
Incorrect permissions are set to default on the Project Management page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may
CVE-2021-22669
8.8 - High
- April 26, 2021
Incorrect permissions are set to default on the Project Management page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrators password and login as an administrator to escalate privileges on the system.
Incorrect Permission Assignment for Critical Resource
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may
CVE-2021-27436
6.1 - Medium
- March 18, 2021
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the users cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
XSS
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation
CVE-2020-13554
7.8 - High
- March 03, 2021
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Incorrect Default Permissions
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may
CVE-2020-25161
8.8 - High
- February 23, 2021
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
Externally Controlled Reference to a Resource in Another Sphere
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation
CVE-2020-13555
8.8 - High
- February 17, 2021
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Incorrect Default Permissions
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1
CVE-2020-13550
7.7 - High
- February 17, 2021
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Directory traversal
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation
CVE-2020-13551
8.8 - High
- February 17, 2021
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Incorrect Default Permissions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation
CVE-2020-13552
8.8 - High
- February 17, 2021
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Incorrect Default Permissions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation
CVE-2020-13553
8.8 - High
- February 17, 2021
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
Incorrect Default Permissions
WebAccess/SCADA, Version 8.3
CVE-2019-6523
9.8 - Critical
- February 05, 2019
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
SQL Injection
WebAccess/SCADA, Version 8.3
CVE-2019-6521
8.6 - High
- February 05, 2019
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
authentification
WebAccess/SCADA, Version 8.3
CVE-2019-6519
9.8 - Critical
- February 05, 2019
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
authentification
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817
CVE-2018-5443
5.3 - Medium
- January 25, 2018
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
SQL Injection
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817
CVE-2018-5445
5.3 - Medium
- January 25, 2018
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Advantech Webaccessscada or by Advantech? Click the Watch button to subscribe.
