Vulnerabilities > Advantech > Webaccess

DATE CVE VULNERABILITY TITLE RISK
2018-10-29 CVE-2018-17910 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
WebAccess Versions 8.3.2 and prior.
local
low complexity
advantech CWE-119
7.8
2018-10-29 CVE-2018-17908 Improper Access Control vulnerability in Advantech Webaccess
WebAccess Versions 8.3.2 and prior.
local
low complexity
advantech CWE-284
7.8
2018-10-23 CVE-2018-14828 Improper Privilege Management vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
local
low complexity
advantech CWE-269
7.8
2018-10-23 CVE-2018-14820 Improper Input Validation vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
network
low complexity
advantech CWE-20
7.5
2018-10-23 CVE-2018-14816 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
9.8
2018-10-23 CVE-2018-14806 Path Traversal vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-22
critical
9.8
2018-10-22 CVE-2018-15704 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability.
network
low complexity
advantech CWE-787
8.8
2018-10-22 CVE-2018-15703 Cross-site Scripting vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities.
network
low complexity
advantech CWE-79
6.1
2018-05-15 CVE-2018-8845 Out-of-bounds Write vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
9.8
2018-05-15 CVE-2018-8841 Improper Privilege Management vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
local
low complexity
advantech CWE-269
7.8