Vulnerabilities > Advantech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-15 | CVE-2018-10591 | Session Fixation vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. | 6.1 |
| 2018-01-25 | CVE-2018-5445 | Path Traversal vulnerability in Advantech Webaccess/Scada A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. | 5.3 |
| 2018-01-25 | CVE-2018-5443 | SQL Injection vulnerability in Advantech Webaccess/Scada A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. | 5.3 |
| 2018-01-12 | CVE-2017-16732 | Use After Free vulnerability in Advantech Webaccess A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. | 6.5 |
| 2017-11-06 | CVE-2017-14016 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. | 6.3 |
| 2017-05-02 | CVE-2016-5810 | Information Exposure vulnerability in Advantech Webaccess upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | 4.9 |
| 2016-06-25 | CVE-2016-4528 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | 5.0 |
| 2016-06-25 | CVE-2016-4525 | Unspecified vulnerability in Advantech Webaccess Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | 6.6 |
| 2016-01-15 | CVE-2015-3948 | Cross-site Scripting vulnerability in Advantech Webaccess Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-01-15 | CVE-2015-3943 | Information Exposure vulnerability in Advantech Webaccess Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | 5.3 |