CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Oct 2021 — Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnera... • https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Oct 2021 — An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. • https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01 • CWE-862: Missing Authorization

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

03 Sep 2021 — A stack-based buffer overflow vulnerability in Advantech WebAccess versions 9.02 and prior, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. This vulnerability allows remote... • https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03 • CWE-121: Stack-based Buffer Overflow

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Aug 2021 — The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-04 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Aug 2021 — UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Aug 2021 — The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2021 — WebAccess/NMS (versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. • https://us-cert.cisa.gov/ics/advisories/icsa-21-229-02 • CWE-287: Improper Authentication

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2021 — The affected product is vulnerable to a memory corruption condition due to lack of proper validation of user-supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2021 — Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). This vulnerability allows... • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-787: Out-of-bounds Write

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jun 2021 — Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. • https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal