CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 1CVE-2013-2299 – Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2299
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en Advantech WebAccess (anteriormente BroadWin WebAccess) anterior a v7.1 2013.05.30 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • https://www.exploit-db.com/exploits/23968 http://ics-cert.us-cert.gov/advisories/ICSA-13-225-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4525
https://notcve.org/view.php?id=CVE-2011-4525
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. Advantech/BroadWin WebAccess anteriores a 7.0 permite a atacantes remotos extraer contenido web arbitrario en un fichero batch en un sistema cliente y ejecutar este archivo, a través de vectores sin especificar. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0236
https://notcve.org/view.php?id=CVE-2012-0236
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." Advantech/Broadwin WebAccess v7.0 y versiones anteriores permite a atacantes remotos obtener información sensible a través de una petición directa a una dirección URL. NOTA: el proveedor de los informes, "no considera que sea un riesgo para la seguridad." • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2012-0242 – BroadWin Webaccess Client - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0242
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Vulnerabilidad de formato de cadena en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos ejecutar código arbitrario mediante especificadores de formato de cadena en una cadena de mensaje. • https://www.exploit-db.com/exploits/17772 http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4522
https://notcve.org/view.php?id=CVE-2011-4522
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) de bwerrdn.asp de Advantech/BroadWin WebAccess anteriores a 7.0. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de parámetros sin especificar. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •