Note: This project will be discontinued after December 13, 2021.
Product: Webaccess (Advantech)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 103 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-04-09 | CVE-2019-3941 | Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | Webaccess | 7.5 | ||
2019-04-05 | CVE-2019-6552 | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | Webaccess | 9.8 | ||
2019-04-09 | CVE-2019-3940 | Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. | Webaccess | 9.8 | ||
2018-10-31 | CVE-2018-15707 | Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. | Webaccess | 5.4 | ||
2018-10-31 | CVE-2018-15706 | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | Webaccess | 6.5 | ||
2018-10-31 | CVE-2018-15705 | WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. | Webaccess | 6.5 | ||
2018-10-22 | CVE-2018-15703 | Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | Webaccess | 6.1 | ||
2017-02-13 | CVE-2017-5154 | An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. | Webaccess | 9.8 | ||
2017-02-13 | CVE-2017-5152 | An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). | Webaccess | 9.1 | ||
2018-01-05 | CVE-2017-16716 | A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. | Webaccess | 9.8 | ||