Vulnerabilities > Advantech > Webaccess Scada > 9.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-1437 Unspecified vulnerability in Advantech Webaccess/Scada
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers.
network
low complexity
advantech
critical
9.8
2023-06-06 CVE-2023-22450 Unspecified vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
network
low complexity
advantech
7.2
2023-06-06 CVE-2023-32540 Unspecified vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
network
low complexity
advantech
critical
9.8
2023-06-06 CVE-2023-32628 Unspecified vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
network
low complexity
advantech
critical
9.8
2021-06-18 CVE-2021-32954 Path Traversal vulnerability in Advantech Webaccess/Scada
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
network
low complexity
advantech CWE-22
6.5
2021-06-18 CVE-2021-32956 Unspecified vulnerability in Advantech Webaccess/Scada
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
network
low complexity
advantech
6.1
2021-04-26 CVE-2021-22669 Unspecified vulnerability in Advantech Webaccess/Scada
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
network
low complexity
advantech
8.8
2021-03-03 CVE-2020-13554 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
7.8
2021-02-23 CVE-2020-25161 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
network
low complexity
advantech CWE-610
8.8
2021-02-17 CVE-2020-13555 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8