Vulnerabilities > Advantech > Webaccess > 7.2.2013.11.01
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-23 | CVE-2018-14828 | Improper Privilege Management vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | 7.8 |
| 2018-10-23 | CVE-2018-14820 | Improper Input Validation vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | 7.5 |
| 2018-10-23 | CVE-2018-14816 | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | 9.8 |
| 2018-10-23 | CVE-2018-14806 | Path Traversal vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | 9.8 |
| 2018-10-22 | CVE-2018-15704 | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. | 9.0 |
| 2018-10-22 | CVE-2018-15703 | Cross-site Scripting vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. | 4.3 |
| 2018-05-15 | CVE-2018-8845 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. | 7.5 |
| 2018-05-15 | CVE-2018-8841 | Improper Privilege Management vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. | 4.6 |
| 2018-05-15 | CVE-2018-7505 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. | 7.5 |
| 2018-05-15 | CVE-2018-7503 | Path Traversal vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. | 5.0 |