Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webaccess_scada
(Advantech)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-15 | CVE-2021-38431 | An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | Webaccess_scada | 4.3 | ||
| 2018-05-15 | CVE-2018-8845 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 9.8 | ||
| 2018-05-15 | CVE-2018-8841 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.8 | ||
| 2018-05-15 | CVE-2018-7505 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 9.8 | ||
| 2018-05-15 | CVE-2018-7503 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.5 | ||
| 2018-05-15 | CVE-2018-7501 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.5 | ||
| 2018-05-15 | CVE-2018-7499 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 9.8 | ||
| 2018-05-15 | CVE-2018-7497 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 9.8 | ||
| 2018-05-15 | CVE-2018-7495 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 7.5 | ||
| 2018-05-15 | CVE-2018-10591 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | Webaccess, Webaccess\/nms, Webaccess_dashboard, Webaccess_scada | 6.1 |