Vulnerabilities > Advantech > Webaccess NMS > High

DATE CVE VULNERABILITY TITLE RISK
2020-04-09 CVE-2020-10629 XXE vulnerability in Advantech Webaccess/Nms 2.0.3
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input.
network
low complexity
advantech CWE-611
7.5
2020-04-09 CVE-2020-10617 SQL Injection vulnerability in Advantech Webaccess/Nms 2.0.3
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
network
low complexity
advantech CWE-89
7.5
2020-04-09 CVE-2020-10603 OS Command Injection vulnerability in Advantech Webaccess/Nms 2.0.3
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
network
low complexity
advantech CWE-78
8.8
2018-05-15 CVE-2018-8841 Improper Privilege Management vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
local
low complexity
advantech CWE-269
7.8
2018-05-15 CVE-2018-7503 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
network
low complexity
advantech CWE-22
7.5
2018-05-15 CVE-2018-7501 SQL Injection vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
network
low complexity
advantech CWE-89
7.5
2018-05-15 CVE-2018-7495 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
network
low complexity
advantech CWE-22
7.5
2018-05-15 CVE-2018-10590 File and Directory Information Exposure vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
network
low complexity
advantech CWE-538
7.5