CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3943
https://notcve.org/view.php?id=CVE-2015-3943
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. Advantech WebAccess en versiones anteriores a 8.1 permite a atacantes remotos leer información sensible en texto plano sobre cuentas de proyecto de correos electrónicos a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7938
https://notcve.org/view.php?id=CVE-2015-7938
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. Dispositivos EKI-132x con firmware en versiones anteriores a 2015-12-31 permiten a atacantes remotos eludir la autenticación a través de vectores no especificados. • https://ics-cert.us-cert.gov/advisories/ICSA-15-344-01 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2015-6476
https://notcve.org/view.php?id=CVE-2015-6476
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. Dispositivos Advantech EKI-122x-BE con firmware en versiones anteriores a 1.65, disposititvos EKI-132x con firmware en versiones anteriores a 1.98 y dispositivos EKI-136x con firmware en versiones anteriores a 1.27 tienen claves SSH embebidas, lo que hace más facil a atacantes remotos obtener acceso a través de una sesión SSH. • https://ics-cert.us-cert.gov/advisories/ICSA-15-309-01 •
CVSS: 6.9EPSS: 4%CPEs: 1EXPL: 0CVE-2014-9202
https://notcve.org/view.php?id=CVE-2014-9202
Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. Desbordamiento de buffer basado en pila múltiple en un archivo DLL no especificado en Advantech WebAccess en versiones anteriores a 8.0_20150816, permite a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado que desencadena argumentos de cadena largos en funciones. • https://ics-cert.us-cert.gov/advisories/ICSA-15-258-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 29%CPEs: 1EXPL: 1CVE-2014-9208 – Advantech Webaccess 8.0 / 3.4.3 - ActiveX Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-9208
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. Múltiple desbordamiento de buffer basado en pila en archivos DLL no especificados en Advantech WebAccess en versiones anteriores a 8.0.1, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. Using Advantech WebAccess SCADA Software and attacker can remotely manage industrial control systems devices like RTU's, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX. • https://www.exploit-db.com/exploits/38108 https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •