Vulnerabilities > Advantech > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-06-28 CVE-2019-10989 Out-of-bounds Write vulnerability in Advantech Webaccess
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data.
network
low complexity
advantech CWE-787
critical
9.8
2019-06-28 CVE-2019-10985 Path Traversal vulnerability in Advantech Webaccess
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations.
network
low complexity
advantech CWE-22
critical
9.1
2018-10-29 CVE-2018-17910 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
WebAccess Versions 8.3.2 and prior.
network
advantech CWE-119
critical
9.3
2018-10-23 CVE-2018-14816 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
9.8
2018-10-23 CVE-2018-14806 Path Traversal vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-22
critical
9.8
2018-10-22 CVE-2018-15704 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability.
network
low complexity
advantech CWE-787
critical
9.0
2018-02-13 CVE-2018-6911 OS Command Injection vulnerability in Advantech Webaccess 8.3.0
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
network
low complexity
advantech CWE-78
critical
10.0
2018-01-05 CVE-2017-16720 Path Traversal vulnerability in Advantech Webaccess
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier.
network
low complexity
advantech CWE-22
critical
10.0
2017-08-30 CVE-2017-12708 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-119
critical
10.0
2016-02-21 CVE-2016-2275 Improper Access Control vulnerability in Advantech Vesp211-232 Firmware and Vesp211-Eu Firmware
The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
network
low complexity
advantech CWE-284
critical
10.0