Vulnerabilities > Advantech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-02-21 | CVE-2011-4526 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0 Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. | 10.0 |
| 2012-02-21 | CVE-2011-4525 | Permissions, Privileges, and Access Controls vulnerability in Advantech Webaccess 5.0/6.0 Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. | 10.0 |
| 2012-02-21 | CVE-2011-4524 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Advantech Webaccess 5.0/6.0 Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. | 10.0 |
| 2012-02-21 | CVE-2011-4523 | Cross-Site Scripting vulnerability in Advantech Webaccess 5.0/6.0 Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
| 2012-02-21 | CVE-2011-4522 | Cross-Site Scripting vulnerability in Advantech Webaccess 5.0/6.0 Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
| 2012-02-21 | CVE-2011-4521 | SQL Injection vulnerability in Advantech Webaccess 5.0/6.0 SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. | 7.5 |
| 2012-02-21 | CVE-2011-1914 | Buffer Errors vulnerability in Advantech products Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2011-05-04 | CVE-2011-0340 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. | 9.3 |
| 2011-01-18 | CVE-2011-0488 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. | 10.0 |