Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webaccess
(Advantech)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 103 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-22 | CVE-2020-16202 | WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. | Webaccess | 7.8 | ||
| 2021-06-11 | CVE-2021-34540 | Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | Webaccess | 6.1 | ||
| 2021-09-09 | CVE-2021-38408 | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | Webaccess | 9.8 | ||
| 2021-10-18 | CVE-2021-33023 | Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | Webaccess | 9.8 | ||
| 2021-10-18 | CVE-2021-38389 | Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | Webaccess | 9.8 | ||
| 2023-06-07 | CVE-2023-2866 | If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | Webaccess | 7.8 | ||
| 2023-10-17 | CVE-2023-4215 | Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | Webaccess | 7.5 | ||
| 2018-10-23 | CVE-2018-14806 | Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | Webaccess | 9.8 | ||
| 2018-10-23 | CVE-2018-14816 | Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | Webaccess | 9.8 | ||
| 2018-10-23 | CVE-2018-14820 | Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | Webaccess | 7.5 |