CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6523
https://notcve.org/view.php?id=CVE-2019-6523
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. WebAccess/SCADA, en la versión 8.3, no sanea adecuadamente sus entradas para comandos SQL. • http://www.securityfocus.com/bid/106722 https://ics-cert.us-cert.gov/advisories/ICSA-19-024-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18999
https://notcve.org/view.php?id=CVE-2018-18999
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. WebAccess/SCADA, WebAccess/SCADA en su versión 8.3.2 instalada en Windows 2008 R2 SP1. La falta de validación adecuada de entradas proporcionadas por el usuario podría permitir que un atacante provoque el desbordamiento de un búfer de la pila. • http://www.securityfocus.com/bid/106245 https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02 https://www.tenable.com/security/research/tra-2018-45 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 2CVE-2018-15705 – Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-15705
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. WADashboard API en Advantech WebAccess 8.3.1 y 8.3.2 permite que atacantes autenticados remotos escriban o sobrescriban cualquier archivo del sistema de archivos debido a una vulnerabilidad de salto de directorio en la API writeFile. Un atacante puede emplear esta vulnerabilidad para ejecutar código arbitrario de forma remota. Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/45774 https://www.tenable.com/security/research/tra-2018-35 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-15706
https://notcve.org/view.php?id=CVE-2018-15706
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. WADashboard API en Advantech WebAccess 8.3.1 y 8.3.2 permite que atacantes autenticados remotos lean cualquier archivo del sistema de archivos debido a una vulnerabilidad de salto de directorio en la API readFile. • https://www.tenable.com/security/research/tra-2018-35 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2018-15707 – Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-15707
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. Advantech WebAccess 8.3.1 y 8.3.2 son vulnerables a Cross-Site Scripting (XSS) en la página Bwmainleft.asp. Un atacante podría aprovechar esta vulnerabilidad para divulgar credenciales, entre otras cosas. Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/45774 https://www.tenable.com/security/research/tra-2018-35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •