Vulnerabilities > Advantech > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-05-08 CVE-2020-12006 Path Traversal vulnerability in Advantech Webaccess
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0.
network
low complexity
advantech CWE-22
critical
 9.8
9.8
2020-05-08 CVE-2020-12002 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0.
network
low complexity
advantech CWE-787
critical
 9.8
9.8
2020-05-08 CVE-2020-10638 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0.
network
low complexity
advantech CWE-787
critical
 9.8
9.8
2020-04-09 CVE-2020-10631 Path Traversal vulnerability in Advantech Webaccess/Nms 2.0.3
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
network
low complexity
advantech CWE-22
critical
 9.8
9.8
2020-04-09 CVE-2020-10625 Missing Authentication for Critical Function vulnerability in Advantech Webaccess/Nms 2.0.3
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
network
low complexity
advantech CWE-306
critical
 9.8
9.8
2020-04-09 CVE-2020-10619 Path Traversal vulnerability in Advantech Webaccess/Nms 2.0.3
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
network
low complexity
advantech CWE-22
critical
 9.1
9.1
2020-04-09 CVE-2020-10621 Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Nms 2.0.3
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
network
low complexity
advantech CWE-434
critical
 9.8
9.8
2019-12-17 CVE-2019-18257 Out-of-bounds Write vulnerability in Advantech Diaganywhere 3.07.11
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port.
network
low complexity
advantech CWE-787
critical
 9.8
9.8
2019-12-12 CVE-2019-3951 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
network
low complexity
advantech CWE-787
critical
 9.8
9.8
2019-10-31 CVE-2019-13551 Path Traversal vulnerability in Advantech Wise-Paas/Rmm 3.3.29
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior.
network
low complexity
advantech CWE-22
critical
 9.8
9.8