Vulnerabilities > Advantech > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-05-15 CVE-2018-10591 Session Fixation vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.
network
high complexity
advantech CWE-384
6.1
2018-01-25 CVE-2018-5445 Path Traversal vulnerability in Advantech Webaccess/Scada
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817.
network
low complexity
advantech CWE-22
5.3
2018-01-25 CVE-2018-5443 SQL Injection vulnerability in Advantech Webaccess/Scada
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817.
network
low complexity
advantech CWE-89
5.3
2018-01-12 CVE-2017-16732 Use After Free vulnerability in Advantech Webaccess
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3.
network
low complexity
advantech CWE-416
6.5
2017-11-06 CVE-2017-14016 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817.
network
low complexity
advantech CWE-119
6.3
2017-05-02 CVE-2016-5810 Information Exposure vulnerability in Advantech Webaccess
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
network
low complexity
advantech CWE-200
4.9
2016-06-25 CVE-2016-4528 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
local
low complexity
advantech CWE-119
5.0
2016-06-25 CVE-2016-4525 Unspecified vulnerability in Advantech Webaccess
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
local
low complexity
advantech
6.6
2016-01-15 CVE-2015-3948 Cross-site Scripting vulnerability in Advantech Webaccess
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
advantech CWE-79
5.4
2016-01-15 CVE-2015-3943 Information Exposure vulnerability in Advantech Webaccess
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors.
network
low complexity
advantech CWE-200
5.3