Vulnerabilities > Advantech > Webaccess > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-05 | CVE-2019-6550 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess Advantech WebAccess/SCADA, Versions 8.3.5 and prior. | 7.5 |
| 2018-10-31 | CVE-2018-15705 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. | 8.5 |
| 2018-10-29 | CVE-2018-17908 | Improper Access Control vulnerability in Advantech Webaccess WebAccess Versions 8.3.2 and prior. | 7.2 |
| 2018-10-23 | CVE-2018-14828 | Improper Privilege Management vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | 7.8 |
| 2018-10-23 | CVE-2018-14820 | Improper Input Validation vulnerability in Advantech Webaccess Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | 7.5 |
| 2018-05-15 | CVE-2018-8845 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. | 7.5 |
| 2018-05-15 | CVE-2018-7505 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. | 7.5 |
| 2018-05-15 | CVE-2018-7499 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | 7.5 |
| 2018-05-15 | CVE-2018-7497 | NULL Pointer Dereference vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | 7.5 |
| 2018-05-15 | CVE-2018-10589 | Path Traversal vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. | 7.5 |