Vulnerabilities > Advantech

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2020-04-09 | CVE-2020-10629 | XXE vulnerability in Advantech WebAccess/NMS 2.0.3 | WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. | network, low complexity, advantech, CWE-611 | 7.5 |
| 2020-04-09 | CVE-2020-10625 | Missing Authentication for Critical Function vulnerability in Advantech WebAccess/NMS 2.0.3 | WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | network, low complexity, advantech, CWE-306 | critical 9.8 |
| 2020-04-09 | CVE-2020-10623 | SQL Injection vulnerability in Advantech WebAccess/NMS 2.0.3 | Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | network, low complexity, advantech, CWE-89 | 6.5 |
| 2020-04-09 | CVE-2020-10619 | Path Traversal vulnerability in Advantech WebAccess/NMS 2.0.3 | An attacker could use a specially crafted URL to delete files outside the control of WebAccess/NMS (versions prior to 3.0.2). | network, low complexity, advantech, CWE-22 | critical 9.1 |
| 2020-04-09 | CVE-2020-10617 | SQL Injection vulnerability in Advantech WebAccess/NMS 2.0.3 | There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | network, low complexity, advantech, CWE-89 | 7.5 |
| 2020-04-09 | CVE-2020-10603 | OS Command Injection vulnerability in Advantech WebAccess/NMS 2.0.3 | WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | network, low complexity, advantech, CWE-78 | 8.8 |
| 2020-04-09 | CVE-2020-10621 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech WebAccess/NMS 2.0.3 | Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | network, low complexity, advantech, CWE-434 | critical 9.8 |
| 2020-04-01 | CVE-2019-3942 | Insufficiently Protected Credentials vulnerability in Advantech WebAccess 8.3.4 | Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. | network, low complexity, advantech, CWE-522 | 7.5 |
| 2020-03-27 | CVE-2020-10607 | Out-of-bounds Write vulnerability in Advantech WebAccess | In Advantech WebAccess, Versions 8.4.2 and prior. | network, low complexity, advantech, CWE-787 | 8.8 |
| 2019-12-17 | CVE-2019-18257 | Out-of-bounds Write vulnerability in Advantech DiagAnywhere 3.07.11 | In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. | network, low complexity, advantech, CWE-787 | critical 9.8 |