CVE-2013-2299 – Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2299
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • https://www.exploit-db.com/exploits/23968 http://ics-cert.us-cert.gov/advisories/ICSA-13-225-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1627 – Advantech Studio 7.0 - SCADA/HMI Directory Traversal
https://notcve.org/view.php?id=CVE-2013-1627
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function. • https://www.exploit-db.com/exploits/23132 http://ics-cert.us-cert.gov/pdf/ICSA-13-067-01.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-0240
https://notcve.org/view.php?id=CVE-2012-0240
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-287: Improper Authentication
CVE-2011-4522
https://notcve.org/view.php?id=CVE-2011-4522
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1914
https://notcve.org/view.php?id=CVE-2011-1914
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. • http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer