Page 4 of 91 results (0.013 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. En WebAccess versiones 8.4.1 y anteriores, una explotación ejecutada por medio de la red puede causar un control inapropiado de la generación de código, lo que puede permitir la ejecución de código remota, la filtración de datos o un causar un bloqueo del sistema. • https://www.us-cert.gov/ics/advisories/icsa-19-260-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. En WebAccess, versiones 8.4.1 y anteriores, una vulnerabilidad de autorización inapropiada puede permitir a un atacante revelar información confidencial, causar un control inadecuando de la generación de código, lo que puede permitir la ejecución de código remota o causar un bloqueo del sistema. • https://www.us-cert.gov/ics/advisories/icsa-19-260-01 • CWE-285: Improper Authorization •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0

In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. En WebAccess versiones 8.4.1 y anteriores, múltiples vulnerabilidades de desbordamiento del búfer en la región stack de la memoria son debido a la falta de una comprobación apropiada de la longitud de los datos suministrados por el usuario. La explotación de estas vulnerabilidades puede permitir la ejecución de código remota. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. • https://www.us-cert.gov/ics/advisories/icsa-19-260-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. En WebAccess versiones 8.4.1 y anteriores, múltiples vulnerabilidades de inyección de comandos son causadas por una falta de comprobación apropiada de los datos suministrados por el usuario y pueden permitir la eliminación de archivos arbitraria y la ejecución de código remota. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within BwDlgpUp.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.us-cert.gov/ics/advisories/icsa-19-260-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0

In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. En WebAccess/SCADA versiones 8.3.5 y anteriores, se han identificado múltiples vulnerabilidades de desreferencia de puntero podrían permitir que un atacante remoto ejecute código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27F4 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. • https://www.us-cert.gov/ics/advisories/icsa-19-178-05 https://www.zerodayinitiative.com/advisories/ZDI-19-597 https://www.zerodayinitiative.com/advisories/ZDI-19-598 https://www.zerodayinitiative.com/advisories/ZDI-19-601 https://www.zerodayinitiative.com/advisories/ZDI-19-602 https://www.zerodayinitiative.com/advisories/ZDI-19-603 https://www.zerodayinitiative.com/advisories/ZDI-19-605 https://www.zerodayinitiative.com/advisories/ZDI-19-606 https://www.zerodayinitiative.com/advisories/ZDI-19&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •