Vulnerabilities > Advantech > Webaccess Scada > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-19 CVE-2018-18999 Out-of-bounds Write vulnerability in Advantech Webaccess/Scada 8.3.2
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.
network
low complexity
advantech CWE-787
7.3
2018-05-15 CVE-2018-8841 Improper Privilege Management vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
local
low complexity
advantech CWE-269
7.8
2018-05-15 CVE-2018-7503 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
network
low complexity
advantech CWE-22
7.5
2018-05-15 CVE-2018-7501 SQL Injection vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
network
low complexity
advantech CWE-89
7.5
2018-05-15 CVE-2018-7495 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
network
low complexity
advantech CWE-22
7.5
2018-05-15 CVE-2018-10590 File and Directory Information Exposure vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
network
low complexity
advantech CWE-538
7.5