Vulnerabilities > Advantech > Webaccess Scada
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2023-1437 | Untrusted Pointer Dereference vulnerability in Advantech Webaccess/Scada All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. | 9.8 |
| 2023-06-06 | CVE-2023-22450 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | 7.2 |
| 2023-06-06 | CVE-2023-32540 | Code Injection vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | 9.8 |
| 2023-06-06 | CVE-2023-32628 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | 9.8 |
| 2021-10-15 | CVE-2021-38431 | Missing Authorization vulnerability in Advantech Webaccess Scada 8.3.1/9.0.3 An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | 4.3 |
| 2021-08-10 | CVE-2021-22676 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. | 6.1 |
| 2021-08-10 | CVE-2021-32943 | Out-of-bounds Write vulnerability in Advantech Webaccess/Scada The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | 9.8 |
| 2021-08-10 | CVE-2021-22674 | Path Traversal vulnerability in Advantech Webaccess/Scada The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | 6.5 |
| 2021-06-18 | CVE-2021-32954 | Path Traversal vulnerability in Advantech Webaccess/Scada Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | 6.5 |
| 2021-06-18 | CVE-2021-32956 | Open Redirect vulnerability in Advantech Webaccess/Scada Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | 6.1 |