CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. • http://www.securityfocus.com/bid/103972 https://ics-cert.us-cert.gov/advisories/ICSA-18-114-03 • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 4% • CPEs: 1 • EXPL: 1

The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). Advantech WebAccess Node version 8.3.0 suffers from an AspVBObj.dll code execution dll hijacking vulnerability. • https://www.exploit-db.com/exploits/44031 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.3 • EPSS: 4% • CPEs: 1 • EXPL: 0

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. • http://www.securityfocus.com/bid/102781 https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 0

A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. • http://www.securityfocus.com/bid/102781 https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. WebAccess allows a remote attacker to execute arbitrary code. • https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A • CWE-434: Unrestricted Upload of File with Dangerous Type