CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1234
https://notcve.org/view.php?id=CVE-2012-1234
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. Vulnerabilidad de inyección SQL en Advantech/BroadWin WebAccess v7.0, permite a usuarios autenticados remotamente ejecutar comandos SQL a través de una dirección URL incorrecta. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-0234. • http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2012-0243
https://notcve.org/view.php?id=CVE-2012-0243
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. Desbordamiento de búfer en un control ActiveX en bwocxrun.ocx de Advantech/Broadwin WebAccess antes de v7.0, permite a atacantes remotos ejecutar código de su elección mediante el aprovechamiento de la capacidad de escribir contenido arbitrario en cualquier ruta. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0234
https://notcve.org/view.php?id=CVE-2012-0234
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Vulnerabilidad de inyección SQL en Advantech/Broadwin WebAccess antes de v7.0 permite a atacantes remotos ejecutar comandos SQL a través de una dirección URL incorrecta. • http://www.securityfocus.com/bid/52051 http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 85%CPEs: 5EXPL: 1CVE-2011-0340 – InduSoft Thin Client ISSymbol InternationalSeparator Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0340
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. Múltiples desbordamientos de buffer en el control ActiveX ISSymbol de ISSymbol.ocx 61.6.0.0 y 301.1009.2904.0 de la máquina virtual ISSymbol, como se ha distribuído en Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio anteriores a 7.0+SP1, y InduSoft Thin Client 7.0. Permite a atacantes remotos ejecutar código de su elección a través de los valores de propiedades extensos (1) InternationalOrder, (2) InternationalSeparator, o (3) LogFileName; o (4) un argumento bstrFileName extenso al método OpenScreen. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. • https://www.exploit-db.com/exploits/23500 http://ics-cert.us-cert.gov/advisories/ICSA-12-249-03 http://secunia.com/advisories/42928 http://secunia.com/advisories/43116 http://secunia.com/secunia_research/2011-36 http://secunia.com/secunia_research/2011-37 http://www.advantechdirect.com/eMarketingPrograms/AStudio_Patch/AStudio7.0_Patch_Final.htm http://www.indusoft.com/hotfixes/hotfixes.php http://www.securityfocus.com/bid/47596 http://www.us-cert.gov/control_systems/pdf/ICS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 31%CPEs: 2EXPL: 0CVE-2011-0488
https://notcve.org/view.php?id=CVE-2011-0488
Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. Desbordamiento de búfer basado en pila en NTWebServer.exe en el servicio web de prueba en InduSoft NTWebServer, según se ha distribuido en Advantech Studio v6.1 y InduSoft Web Studio v7.0, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) o posiblemente ejecutar código arbitrario a través de una petición larga al puerto TCP 80. • http://downloadt.advantech.com/download/downloadsr.aspx?File_Id=1-I1D7QD http://secunia.com/advisories/42883 http://secunia.com/advisories/42903 http://www.advantechdirect.com/emarketingprograms/AStudio_Patch/AStudio_Patch.htm http://www.indusoft.com/blog/?p=337 http://www.kb.cert.org/vuls/id/506864 http://www.osvdb.org/70396 http://www.securityfocus.com/bid/45783 http://www.us-cert.gov/control_systems/pdf/ICSA-10-337-01.pdf http://www.vupen.com/english/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •