Filtered by vendor Advantech
Subscriptions
Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12010 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.1 High |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. | ||||
| CVE-2020-12006 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | ||||
| CVE-2020-12002 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | ||||
| CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | ||||
| CVE-2020-10631 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.8 Critical |
| An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
| CVE-2020-10629 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 7.5 High |
| WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. | ||||
| CVE-2020-10625 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.8 Critical |
| WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | ||||
| CVE-2020-10623 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 6.5 Medium |
| Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
| CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.8 Critical |
| Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | ||||
| CVE-2020-10619 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.1 Critical |
| An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | ||||
| CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 7.5 High |
| There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | ||||
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2024-11-21 | 8.8 High |
| In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | ||||
| CVE-2020-10603 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 8.8 High |
| WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | ||||
| CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 High |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | ||||
| CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | ||||
| CVE-2019-6550 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | ||||
| CVE-2019-6523 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
| WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | ||||
| CVE-2019-6521 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
| WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | ||||
| CVE-2019-6519 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | N/A |
| WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | ||||
| CVE-2019-3975 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. | ||||