Vulnerabilities > Advantech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-31 | CVE-2019-18227 | XXE vulnerability in Advantech Wise-Paas/Rmm 3.3.29 Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. | 5.0 |
| 2019-09-26 | CVE-2019-16901 | Improper Handling of Exceptional Conditions vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | 5.0 |
| 2019-09-26 | CVE-2019-16900 | Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | 5.0 |
| 2019-09-26 | CVE-2019-16899 | Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1.9.31 In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | 5.0 |
| 2019-09-18 | CVE-2019-13556 | Out-of-bounds Write vulnerability in Advantech Webaccess In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. | 6.5 |
| 2019-09-18 | CVE-2019-13552 | Command Injection vulnerability in Advantech Webaccess In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. | 6.5 |
| 2019-04-09 | CVE-2019-3941 | Missing Authentication for Critical Function vulnerability in Advantech Webaccess 8.3.4 Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | 6.4 |
| 2019-04-05 | CVE-2019-6554 | Unspecified vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 5.0 |
| 2018-10-31 | CVE-2018-15706 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | 6.8 |
| 2018-10-22 | CVE-2018-15703 | Cross-site Scripting vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. | 4.3 |