Vulnerabilities > Advantech > Webaccess
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-19 | CVE-2019-3954 | Out-of-bounds Write vulnerability in Advantech Webaccess 8.4.0 Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. | 7.5 |
| 2019-06-18 | CVE-2019-3953 | Out-of-bounds Write vulnerability in Advantech Webaccess 8.4.0 Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | 7.5 |
| 2019-04-09 | CVE-2019-3941 | Missing Authentication for Critical Function vulnerability in Advantech Webaccess 8.3.4 Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | 6.4 |
| 2019-04-09 | CVE-2019-3940 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess 8.3.4 Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. | 7.5 |
| 2019-04-05 | CVE-2019-6554 | Unspecified vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 5.0 |
| 2019-04-05 | CVE-2019-6552 | Command Injection vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 7.5 |
| 2019-04-05 | CVE-2019-6550 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 7.5 |
| 2018-10-31 | CVE-2018-15707 | Cross-site Scripting vulnerability in Advantech Webaccess 8.3.1/8.3.2 Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. | 3.5 |
| 2018-10-31 | CVE-2018-15706 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | 6.8 |
| 2018-10-31 | CVE-2018-15705 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. | 8.5 |