Advantech Webaccess
66 CVEs affecting Advantech Webaccess. Latest disclosed: 2023-10-16. Critical: 11, High: 17.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-38389 | Critical | 9.8 | 2021-10-18 | Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. |
CVE-2021-33023 | Critical | 9.8 | 2021-10-18 | Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. |
CVE-2017-12708 | Critical | 9.8 | 2017-08-30 | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researc… |
CVE-2017-12706 | Critical | 9.8 | 2017-08-30 | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities… |
CVE-2017-12698 | Critical | 9.8 | 2017-08-30 | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authenticat… |
CVE-2017-5154 | Critical | 9.8 | 2017-02-13 | An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to t… |
CVE-2016-0859 | Critical | 9.8 | 2016-01-15 | Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-… |
CVE-2016-0857 | Critical | 9.8 | 2016-01-15 | Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. |
CVE-2016-0856 | Critical | 9.8 | 2016-01-15 | Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. |
CVE-2016-0854 | Critical | 9.8 | 2016-01-15 | Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAcces… |
CVE-2017-5152 | Critical | 9.1 | 2017-02-13 | An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able… |
CVE-2017-12704 | High | 8.8 | 2017-08-30 | A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities… |
CVE-2017-12702 | High | 8.8 | 2017-08-30 | An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user prov… |
CVE-2015-3946 | High | 8.8 | 2016-01-15 | Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims v… |
CVE-2016-0858 | High | 8.1 | 2016-01-15 | Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted… |
CVE-2015-6467 | High | 8.1 | 2016-01-15 | Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. |
CVE-2015-3947 | High | 8.1 | 2016-01-15 | SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
CVE-2017-12717 | High | 7.8 | 2017-08-30 | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier… |
CVE-2017-12713 | High | 7.8 | 2017-08-30 | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folder… |
CVE-2017-12711 | High | 7.8 | 2017-08-30 | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensi… |