CVE-2019-6550 – Advantech WebAccess Node makensis Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6550
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 https://www.zerodayinitiative.com/advisories/ZDI-19-585 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-6552 – Advantech WebAccess Node bwrunmie Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6552
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Múltiples vulnerabilidades de inyección de comandos, provocadas por la falta de una validación correcta de la longitud de los datos proporcionados, podrían permitir una ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-6554 – Advantech WebAccess Node UninstallWA Improper Access Control Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-6554
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. Advantech WebAccess/SCADA, en versiones 8.3.5 y anteriores. Una vulnerabilidad de control de acceso incorrecto podría permitir que un atacante provoque una condición de denegación de servicio (DoS). This vulnerability allows remote attackers to create a denial-of-service condition on vulnerable installations of Advantech WebAccess Node. • https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 • CWE-284: Improper Access Control •
CVE-2018-18999
https://notcve.org/view.php?id=CVE-2018-18999
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. WebAccess/SCADA, WebAccess/SCADA en su versión 8.3.2 instalada en Windows 2008 R2 SP1. La falta de validación adecuada de entradas proporcionadas por el usuario podría permitir que un atacante provoque el desbordamiento de un búfer de la pila. • http://www.securityfocus.com/bid/106245 https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02 https://www.tenable.com/security/research/tra-2018-45 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVE-2018-15705 – Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-15705
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. WADashboard API en Advantech WebAccess 8.3.1 y 8.3.2 permite que atacantes autenticados remotos escriban o sobrescriban cualquier archivo del sistema de archivos debido a una vulnerabilidad de salto de directorio en la API writeFile. Un atacante puede emplear esta vulnerabilidad para ejecutar código arbitrario de forma remota. Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/45774 https://www.tenable.com/security/research/tra-2018-35 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •