Filtered by vendor Advantech
Total: 378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-13552 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 7.2 HIGH | 8.8 HIGH | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. |
| CVE-2020-13551 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 7.2 HIGH | 8.8 HIGH | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. |
| CVE-2020-13550 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH | A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. |
| CVE-2020-12026 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. |
| CVE-2020-12022 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. |
| CVE-2020-12019 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. |
| CVE-2020-12018 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. |
| CVE-2020-12014 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. |
| CVE-2020-12010 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. |
| CVE-2020-12006 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. |
| CVE-2020-12002 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. |
| CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. |
| CVE-2020-10631 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. |
| CVE-2020-10629 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. |
| CVE-2020-10625 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. |
| CVE-2020-10623 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. |
| CVE-2020-10621 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). |
| CVE-2020-10619 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. |
| CVE-2020-10617 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. |
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. |
| CVE-2020-10603 | 1 Advantech | 1 Webaccess/nms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. |
| CVE-2019-6554 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. |
| CVE-2019-6552 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. |
| CVE-2019-6550 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. |
| CVE-2019-6523 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. |
| CVE-2019-6521 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 7.5 HIGH | 8.6 HIGH | WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. |
| CVE-2019-6519 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. |
| CVE-2019-3975 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. |
| CVE-2019-3954 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. |
| CVE-2019-3953 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. |
| CVE-2019-3951 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. |
| CVE-2019-3942 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. |
| CVE-2019-3941 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. |
| CVE-2019-3940 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. |
| CVE-2019-18257 | 1 Advantech | 1 Diaganywhere | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server. |
| CVE-2019-18235 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application, which may allow an attacker to gain full access using a brute-force password attack. |
| CVE-2019-18233 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. |
| CVE-2019-18231 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In Advantech Spectre RT ERT351 Versions 5.1.3 and prior, logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request. |
| CVE-2019-18229 | 1 Advantech | 1 Wise-paas/rmm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. |
| CVE-2019-18227 | 1 Advantech | 1 Wise-paas/rmm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. |