Vulnerabilities > Advantech > Webaccess > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-05 CVE-2019-6552 OS Command Injection vulnerability in Advantech Webaccess
Advantech WebAccess/SCADA, Versions 8.3.5 and prior.
network
low complexity
advantech CWE-78
critical
9.8
2018-10-23 CVE-2018-14806 Path Traversal vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-22
critical
9.8
2018-10-23 CVE-2018-14816 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
9.8
2018-05-15 CVE-2018-10589 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-22
critical
9.8
2018-05-15 CVE-2018-7497 NULL Pointer Dereference vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-476
critical
9.8
2018-05-15 CVE-2018-7499 Out-of-bounds Write vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
9.8
2018-05-15 CVE-2018-7505 Unrestricted Upload of File with Dangerous Type vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-434
critical
9.8
2018-05-15 CVE-2018-8845 Out-of-bounds Write vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
network
low complexity
advantech CWE-787
critical
9.8
2018-02-13 CVE-2018-6911 OS Command Injection vulnerability in Advantech Webaccess 8.3.0
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
network
low complexity
advantech CWE-78
critical
9.8
2018-01-05 CVE-2017-16716 SQL Injection vulnerability in Advantech Webaccess
A SQL Injection issue was discovered in WebAccess versions prior to 8.3.
network
low complexity
advantech CWE-89
critical
9.8