Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webaccess
(Advantech)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 103 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-05-15 | CVE-2018-7495 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.5 | ||
| 2018-10-29 | CVE-2018-17910 | WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. | Webaccess | 7.8 | ||
| 2018-10-29 | CVE-2018-17908 | WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. | Webaccess | 7.8 | ||
| 2018-05-15 | CVE-2018-10591 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 6.1 | ||
| 2018-05-15 | CVE-2018-10590 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.5 | ||
| 2018-05-15 | CVE-2018-10589 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 9.8 | ||
| 2017-05-06 | CVE-2017-7929 | An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | Webaccess | 7.1 | ||
| 2018-05-09 | CVE-2017-5175 | Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | Webaccess | 7.8 | ||
| 2018-01-05 | CVE-2017-16753 | An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. | Webaccess | 7.5 | ||
| 2018-01-12 | CVE-2017-16736 | An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. | Webaccess | 7.5 |