Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webaccess
(Advantech)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 103 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-08 | CVE-2020-12018 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. | Webaccess | N/A | ||
| 2020-05-08 | CVE-2020-12014 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. | Webaccess | N/A | ||
| 2020-04-01 | CVE-2019-3942 | Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. | Webaccess | N/A | ||
| 2020-03-27 | CVE-2020-10607 | In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | Webaccess | N/A | ||
| 2019-12-12 | CVE-2019-3951 | Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. | Webaccess | N/A | ||
| 2019-09-18 | CVE-2019-13558 | In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | Webaccess | N/A | ||
| 2018-05-15 | CVE-2018-8845 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 9.8 | ||
| 2018-05-15 | CVE-2018-8841 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.8 | ||
| 2018-05-15 | CVE-2018-7505 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 9.8 | ||
| 2018-05-15 | CVE-2018-7503 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.5 |