Vulnerabilities > Advantech > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-09 CVE-2019-3940 Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess 8.3.4
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call.
network
low complexity
advantech CWE-434
critical
 9.8
9.8
2019-04-05 CVE-2019-6552 OS Command Injection vulnerability in Advantech Webaccess
Advantech WebAccess/SCADA, Versions 8.3.5 and prior.
network
low complexity
advantech CWE-78
critical
 9.8
9.8
2019-04-05 CVE-2019-6550 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess/SCADA, Versions 8.3.5 and prior.
network
low complexity
advantech CWE-787
critical
 9.8
9.8
2019-02-05 CVE-2019-6523 SQL Injection vulnerability in Advantech Webaccess/Scada 8.3
WebAccess/SCADA, Version 8.3.
network
low complexity
advantech CWE-89
critical
 9.8
9.8
2019-02-05 CVE-2019-6519 Improper Authentication vulnerability in Advantech Webaccess/Scada 8.3
WebAccess/SCADA, Version 8.3.
network
low complexity
advantech CWE-287
critical
 9.8
9.8
2018-10-23 CVE-2018-14816 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
 9.8
9.8
2018-10-23 CVE-2018-14806 Path Traversal vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-22
critical
 9.8
9.8
2018-05-15 CVE-2018-8845 Out-of-bounds Write vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
 9.8
9.8
2018-05-15 CVE-2018-7505 Unrestricted Upload of File with Dangerous Type vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-434
critical
 9.8
9.8
2018-05-15 CVE-2018-7499 Out-of-bounds Write vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
 9.8
9.8