Vulnerabilities > Advantech > Webaccess > High

DATE CVE VULNERABILITY TITLE RISK
2019-09-18 CVE-2019-13552 Command Injection vulnerability in Advantech Webaccess
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
network
low complexity
advantech CWE-77
8.8
2019-06-28 CVE-2019-10987 Out-of-bounds Write vulnerability in Advantech Webaccess
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data.
network
low complexity
advantech CWE-787
8.8
2019-06-28 CVE-2019-10983 Out-of-bounds Read vulnerability in Advantech Webaccess
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data.
network
low complexity
advantech CWE-125
7.5
2019-04-09 CVE-2019-3941 Missing Authentication for Critical Function vulnerability in Advantech Webaccess 8.3.4
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
network
low complexity
advantech CWE-306
7.5
2019-04-05 CVE-2019-6554 Unspecified vulnerability in Advantech Webaccess
Advantech WebAccess/SCADA, Versions 8.3.5 and prior.
network
low complexity
advantech
7.5
2018-10-29 CVE-2018-17910 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
WebAccess Versions 8.3.2 and prior.
local
low complexity
advantech CWE-119
7.8
2018-10-29 CVE-2018-17908 Improper Access Control vulnerability in Advantech Webaccess
WebAccess Versions 8.3.2 and prior.
local
low complexity
advantech CWE-284
7.8
2018-10-23 CVE-2018-14828 Improper Privilege Management vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.
local
low complexity
advantech CWE-269
7.8
2018-10-23 CVE-2018-14820 Improper Input Validation vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.
network
low complexity
advantech CWE-20
7.5
2018-10-22 CVE-2018-15704 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability.
network
low complexity
advantech CWE-787
8.8