Vulnerabilities > Advantech > Webaccess Scada > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-1437 Unspecified vulnerability in Advantech Webaccess/Scada
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers.
network
low complexity
advantech
critical
9.8
2023-06-06 CVE-2023-32628 Unspecified vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
network
low complexity
advantech
critical
9.8
2023-06-06 CVE-2023-32540 Unspecified vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
network
low complexity
advantech
critical
9.8
2021-08-10 CVE-2021-32943 Out-of-bounds Write vulnerability in Advantech Webaccess/Scada
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
network
low complexity
advantech CWE-787
critical
9.8
2019-02-05 CVE-2019-6519 Improper Authentication vulnerability in Advantech Webaccess/Scada 8.3
WebAccess/SCADA, Version 8.3.
network
low complexity
advantech CWE-287
critical
9.8
2019-02-05 CVE-2019-6523 SQL Injection vulnerability in Advantech Webaccess/Scada 8.3
WebAccess/SCADA, Version 8.3.
network
low complexity
advantech CWE-89
critical
9.8
2018-05-15 CVE-2018-10589 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-22
critical
9.8
2018-05-15 CVE-2018-7497 NULL Pointer Dereference vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-476
critical
9.8
2018-05-15 CVE-2018-7499 Out-of-bounds Write vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
9.8
2018-05-15 CVE-2018-7505 Unrestricted Upload of File with Dangerous Type vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-434
critical
9.8