Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webaccess
(Advantech)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 103 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-10-23 | CVE-2018-14828 | Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | Webaccess | 7.8 | ||
| 2019-06-28 | CVE-2019-10983 | In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. | Webaccess | 7.5 | ||
| 2019-06-28 | CVE-2019-10987 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | Webaccess | 8.8 | ||
| 2019-06-28 | CVE-2019-10989 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. | Webaccess | 9.8 | ||
| 2019-06-28 | CVE-2019-10991 | In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | Webaccess | 9.8 | ||
| 2019-06-28 | CVE-2019-10985 | In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | Webaccess | 9.1 | ||
| 2019-06-28 | CVE-2019-10993 | In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | Webaccess | 9.8 | ||
| 2020-05-08 | CVE-2020-10638 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | Webaccess | 9.8 | ||
| 2019-09-18 | CVE-2019-13552 | In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | Webaccess | 8.8 | ||
| 2020-05-08 | CVE-2020-12002 | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | Webaccess | 9.8 |