Vulnerabilities > Advantech > Webaccess Scada > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2023-1437 | Untrusted Pointer Dereference vulnerability in Advantech Webaccess/Scada All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. | 9.8 |
| 2023-06-06 | CVE-2023-32628 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | 9.8 |
| 2023-06-06 | CVE-2023-32540 | Code Injection vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | 9.8 |
| 2021-04-26 | CVE-2021-22669 | Incorrect Permission Assignment for Critical Resource vulnerability in Advantech Webaccess/Scada Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | 9.0 |