Filtered by vendor Advantech
Subscribe
Search
Total
281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-18257 | 1 Advantech | 1 Diaganywhere | 2020-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server. | |||||
| CVE-2020-25157 | 1 Advantech | 1 R-seenet | 2020-10-22 | 5.0 MEDIUM | 7.5 HIGH |
| The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | |||||
| CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2020-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2019-13550 | 1 Advantech | 1 Webaccess | 2020-10-16 | 9.0 HIGH | 9.8 CRITICAL |
| In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. | |||||
| CVE-2019-13556 | 1 Advantech | 1 Webaccess | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
| CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. | |||||
| CVE-2019-6550 | 1 Advantech | 1 Webaccess | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | |||||
| CVE-2018-7499 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2020-10-02 | 7.5 HIGH | 9.8 CRITICAL |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-16202 | 1 Advantech | 1 Webaccess | 2020-09-30 | 7.2 HIGH | 7.8 HIGH |
| WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. | |||||
| CVE-2018-8845 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-8833 | 1 Advantech | 1 Webaccess Hmi Designer | 2020-09-29 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | |||||
| CVE-2018-18999 | 2 Advantech, Microsoft | 2 Webaccess\/scada, Windows Server 2008 | 2020-09-18 | 7.5 HIGH | 7.3 HIGH |
| WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. | |||||
| CVE-2020-16245 | 1 Advantech | 1 Iview | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | |||||
| CVE-2018-14816 | 1 Advantech | 1 Webaccess | 2020-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2019-10991 | 1 Advantech | 1 Webaccess | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. | |||||
| CVE-2019-3941 | 1 Advantech | 1 Webaccess | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. | |||||
| CVE-2019-3954 | 1 Advantech | 1 Webaccess | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. | |||||
| CVE-2019-10989 | 1 Advantech | 1 Webaccess | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. | |||||
| CVE-2019-16900 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | |||||
| CVE-2019-16899 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | |||||
| CVE-2019-3953 | 1 Advantech | 1 Webaccess | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. | |||||
| CVE-2018-15704 | 1 Advantech | 1 Webaccess | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. | |||||
| CVE-2020-16229 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-10 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2020-16217 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-10 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2020-16213 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-10 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2020-16211 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||||
| CVE-2020-16207 | 1 Advantech | 1 Webaccess\/hmi Designer | 2020-08-10 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2020-14503 | 1 Advantech | 1 Iview | 2020-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-14501 | 1 Advantech | 1 Iview | 2020-07-22 | 5.0 MEDIUM | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account. | |||||
| CVE-2020-14505 | 1 Advantech | 1 Iview | 2020-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. | |||||
| CVE-2020-14497 | 1 Advantech | 1 Iview | 2020-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. | |||||
| CVE-2020-14507 | 1 Advantech | 1 Iview | 2020-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | |||||
| CVE-2020-12014 | 1 Advantech | 1 Webaccess | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. | |||||
| CVE-2020-12018 | 1 Advantech | 1 Webaccess | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. | |||||
| CVE-2020-12022 | 1 Advantech | 1 Webaccess | 2020-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. | |||||
| CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | |||||
| CVE-2020-10631 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 7.5 HIGH | 9.8 CRITICAL |
| An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | |||||
| CVE-2020-10629 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 5.0 MEDIUM | 7.5 HIGH |
| WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. | |||||
| CVE-2020-10625 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 7.5 HIGH | 9.8 CRITICAL |
| WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | |||||
| CVE-2020-10623 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
| CVE-2020-10619 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | |||||
| CVE-2020-10603 | 1 Advantech | 1 Webaccess\/nms | 2020-04-10 | 6.5 MEDIUM | 8.8 HIGH |
| WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | |||||
| CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2020-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
| CVE-2019-3942 | 1 Advantech | 1 Webaccess | 2020-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. | |||||
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2020-04-01 | 6.5 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | |||||
| CVE-2019-3951 | 1 Advantech | 1 Webaccess | 2019-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. | |||||
| CVE-2019-3940 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. | |||||
| CVE-2019-13558 | 1 Advantech | 1 Webaccess | 2019-10-09 | 9.0 HIGH | 9.8 CRITICAL |
| In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
| CVE-2019-10961 | 1 Advantech | 1 Webaccess Hmi Designer | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | |||||
| CVE-2018-7503 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. | |||||