CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9353 – Advantech SUSIAccess Server Static Encryption Key Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2016-9353
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use. Ha sido descubierto un problema en Advantech SUISAccess Server versión 3.0 y anteriores. La contraseña de administrador se almacena en el sistema y se cifra con una clave estática codificada en el programa. • http://www.securityfocus.com/bid/94631 https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 2CVE-2016-9349 – Advantech SUSIAccess Server downloadCSV file Parameter Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-9349
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure. Ha sido descubierto un problema en Advantech SUISAccess Server versión 3.0 y anteriores. Un atacante podría atravesar el sistema de archivos y extraer archivos que pueden resultar en divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech SUSIAccess Server. • https://www.exploit-db.com/exploits/42402 https://www.exploit-db.com/exploits/42401 http://www.securityfocus.com/bid/94629 https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5810 – Advantech WebAccess upAdminPg Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-5810
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. UpAdminPg.asp en Advantech WebAccess versiones anteriores a 8.1_20160519 permite a los administradores autenticados remotos obtener información sensible de contraseñas a través de vectores no especificados. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability. The specific flaw exists within upAdminPg.asp. One project administrator can view other project administrators' passwords along with the system administrator's password. • http://www.zerodayinitiative.com/advisories/ZDI-16-429 https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4525
https://notcve.org/view.php?id=CVE-2016-4525
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. Controles ActiveX no especificados en Advantech WebAccess en versiones anteriores a 8.1_20160519 permiten a usuarios remotos autenticados obtener información sensible o modificar datos a través de vectores desconocidos, relacionado con el indicador INTERFACESAFE_FOR_UNTRUSTED_CALLER (también conocido como secuencias de comandos para guardar). • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4528
https://notcve.org/view.php?id=CVE-2016-4528
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Desbordamiento de buffer en Advantech WebAccess en versiones anteriores a 8.1_20160519 permite a usuarios locales provocar una denegación de servicio a través de un archivo DLL manipulado. • https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •