Page 2 of 13 results (0.021 seconds)

CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 0

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la región stack de la memoria causada por una falta de comprobación apropiada de la longitud de los datos suministrados por el usuario, que puede permitir una ejecución de código remota. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 https://www.zerodayinitiative.com/advisories/ZDI-20-590 https://www.zerodayinitiative.com/advisories/ZDI-20-591 https://www.zerodayinitiative.com/advisories/ZDI-20-592 https://www.zerodayinitiative.com/advisories/ZDI-20-619 https://www.zerodayinitiative.com/advisories/ZDI-20-622 https://www.zerodayinitiative.com/advisories/ZDI-20-624 https://www.zerodayinitiative.com/advisories/ZDI-20-625 https://www.zerodayinitiative.com/advisories/ZDI-20&# • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presenta una vulnerabilidad de lectura fuera de límites que puede permitir el acceso a datos no autorizados. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 https://www.zerodayinitiative.com/advisories/ZDI-20-628 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presenta una vulnerabilidad de comprobación inapropiada que podría permitir a un atacante inyectar información especialmente diseñada dentro de la memoria donde pueda ser ejecutada. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 https://www.zerodayinitiative.com/advisories/ZDI-20-598 • CWE-129: Improper Validation of Array Index •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de salto de ruta relativa que puede permitir a un usuario con poco privilegio sobrescribir archivos fuera del control de la aplicación. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 https://www.zerodayinitiative.com/advisories/ZDI-20-626 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Una entrada no está apropiadamente saneada y puede permitir a un atacante inyectar comandos SQL. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 https://www.zerodayinitiative.com/advisories/ZDI-20-613 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •