Vulnerabilities > Advantech > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-10 | CVE-2019-3975 | Classic Buffer Overflow vulnerability in Advantech Webaccess 8.4.1 Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | 7.5 |
2019-08-02 | CVE-2019-10961 | Out-of-bounds Write vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | 8.8 |
2019-06-28 | CVE-2019-10993 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | 7.5 |
2019-06-28 | CVE-2019-10987 | Out-of-bounds Write vulnerability in Advantech Webaccess In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. | 8.8 |
2019-06-28 | CVE-2019-10983 | Out-of-bounds Read vulnerability in Advantech Webaccess In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. | 7.5 |
2019-06-19 | CVE-2019-3954 | Out-of-bounds Write vulnerability in Advantech Webaccess 8.4.0 Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. | 7.5 |
2019-06-18 | CVE-2019-3953 | Out-of-bounds Write vulnerability in Advantech Webaccess 8.4.0 Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | 7.5 |
2019-04-09 | CVE-2019-3940 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess 8.3.4 Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. | 7.5 |
2019-04-05 | CVE-2019-6552 | Command Injection vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 7.5 |
2019-04-05 | CVE-2019-6550 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 7.5 |