CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 0CVE-2018-7495 – Advantech WebAccess Node webvrpcs drawsrv Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2018-7495
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anteriores, Web... • http://www.securityfocus.com/bid/104190 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7497 – Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-7497
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anter... • http://www.securityfocus.com/bid/104190 • CWE-476: NULL Pointer Dereference CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2018-7503 – Advantech WebAccess NMS DownloadAction Servlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-7503
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y anter... • http://www.securityfocus.com/bid/104190 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-7501 – Advantech WebAccess Node BWSCADASoap GetNodeList SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-7501
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteriores, WebAccess Dashboard en versiones V.2.0.15 y... • http://www.securityfocus.com/bid/104190 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10591
https://notcve.org/view.php?id=CVE-2018-10591
15 May 2018 — In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. En Advantech WebAccess en versiones V8.2_20170817 y anteriores, WebAccess en versiones V8.3.0 y anteri... • http://www.securityfocus.com/bid/104190 • CWE-346: Origin Validation Error CWE-384: Session Fixation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-5445 – Advantech WebAccess Node certUpdate filename Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5445
25 Jan 2018 — A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. Se ha descubierto un problema de salto de directorio en Advantech WebAccess/SCADA en versiones anteriores a la V8.2_20170817. Un atacante tiene acceso de lectura a archivos en la estructura de directorio del dispositivo objetivo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installat... • http://www.securityfocus.com/bid/102781 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5443 – Advantech WebAccess Node uMailLogin Proj SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-5443
25 Jan 2018 — A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands. Se ha descubierto un problema de inyección SQL en Advantech WebAccess/SCADA en versiones anteriores a la V8.2_20170817. WebAccess/SCADA no sanea adecuadamente sus entradas para comandos SQL. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. • http://www.securityfocus.com/bid/102781 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •