CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6523
https://notcve.org/view.php?id=CVE-2019-6523
05 Feb 2019 — WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. WebAccess/SCADA, en la versión 8.3, no sanea adecuadamente sus entradas para comandos SQL. • http://www.securityfocus.com/bid/106722 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0CVE-2019-6521
https://notcve.org/view.php?id=CVE-2019-6521
05 Feb 2019 — WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. En la versión 8.3 de WebAccess/SCADA, peticiones especialmente manipuladas podrían permitir una omisión de autenticación que podría permitir que un atacante obtenga y manipule información sensible. • http://www.securityfocus.com/bid/106722 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2019-6519
https://notcve.org/view.php?id=CVE-2019-6519
05 Feb 2019 — WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. Existe una vulnerabilidad de autorización incorrecta en la versión 8.3 de WebAccess/SCADA que podría permitir una omisión de autenticación, permitiendo a un atacante subir datos maliciosos. • http://www.securityfocus.com/bid/106722 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18999
https://notcve.org/view.php?id=CVE-2018-18999
19 Dec 2018 — WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. WebAccess/SCADA, WebAccess/SCADA en su versión 8.3.2 instalada en Windows 2008 R2 SP1. La falta de validación adecuada de entradas proporcionadas por el usuario podría permitir que un atacante provoque el desbordamiento de un búfer de la pila. • http://www.securityfocus.com/bid/106245 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10590
https://notcve.org/view.php?id=CVE-2018-10590
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Da... • http://www.securityfocus.com/bid/104190 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-548: Exposure of Information Through Directory Listing •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10591
https://notcve.org/view.php?id=CVE-2018-10591
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteri... • http://www.securityfocus.com/bid/104190 • CWE-346: Origin Validation Error CWE-384: Session Fixation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-8841 – Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-8841
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V... • http://www.securityfocus.com/bid/104190 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-8845 – Advantech WebAccess webvrpcs Service viewdll1 strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8845
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anteriores, WebAc... • http://www.securityfocus.com/bid/104190 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 0CVE-2018-10589 – Advantech WebAccess webvrpcs Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-10589
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anteriores, WebAccess Scada... • http://www.securityfocus.com/bid/104190 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 0CVE-2018-7495 – Advantech WebAccess Node webvrpcs drawsrv Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2018-7495
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anteriores, Web... • http://www.securityfocus.com/bid/104190 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •