Vulnerabilities > Advantech > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-05-15 CVE-2018-7497 NULL Pointer Dereference vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-476
critical
 9.8
9.8
2018-05-15 CVE-2018-10589 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-22
critical
 9.8
9.8
2018-02-13 CVE-2018-6911 OS Command Injection vulnerability in Advantech Webaccess 8.3.0
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
network
low complexity
advantech CWE-78
critical
 9.8
9.8
2018-01-05 CVE-2017-16724 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3.
network
low complexity
advantech CWE-119
critical
 9.8
9.8
2018-01-05 CVE-2017-16720 Path Traversal vulnerability in Advantech Webaccess
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier.
network
low complexity
advantech CWE-22
critical
 9.8
9.8
2018-01-05 CVE-2017-16716 SQL Injection vulnerability in Advantech Webaccess
A SQL Injection issue was discovered in WebAccess versions prior to 8.3.
network
low complexity
advantech CWE-89
critical
 9.8
9.8
2017-08-30 CVE-2017-12708 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-119
critical
 9.8
9.8
2017-08-30 CVE-2017-12706 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-119
critical
 9.8
9.8
2017-08-30 CVE-2017-12698 Improper Authentication vulnerability in Advantech Webaccess
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-287
critical
 9.8
9.8
2017-02-13 CVE-2017-5154 SQL Injection vulnerability in Advantech Webaccess 8.1
An issue was discovered in Advantech WebAccess Version 8.1.
network
low complexity
advantech CWE-89
critical
 9.8
9.8