17 results (0.002 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2021-38389 – Advantech WebAccess

https://notcve.org/view.php?id=CVE-2021-38389

18 Oct 2021 — Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess versiones 9.02 y anteriores, son vulnerables a un desbordamiento del búfer en la región stack de la memoria, que podría permitir a un atacante ejecutar código de forma remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vuln... • https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-33023 – Advantech WebAccess

https://notcve.org/view.php?id=CVE-2021-33023

18 Oct 2021 — Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess versiones 9.02 y anteriores, son vulnerables a un desbordamiento del búfer en la región heap de la memoria, que puede permitir a un atacante ejecutar código de forma remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnera... • https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2021-38408 – Advantech WebAccess BwFLApp Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-38408

03 Sep 2021 — A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Advantech WebAccess versiones 9.02 y anteriores, causada por una falta de comprobación apropiada de la longitud de los datos suministrados por el usuario puede permitir una ejecución de código remota This vulnerability allows remote... • https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03 • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2021-34540

https://notcve.org/view.php?id=CVE-2021-34540

11 Jun 2021 — Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Advantech WebAccess versiones 8.4.2 y 8.4.4, permite ataques de tipo XSS por medio de la columna de nombre de usuario de la página bwRoot.asp de WADashboard • https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-16202

https://notcve.org/view.php?id=CVE-2020-16202

22 Sep 2020 — WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. WebAccess Node (todas las versiones anteriores a 9.0.1) presenta permisos incorrectos establecidos para los recursos usados por servicios específicos, lo que puede permitir una ejecución de código con privilegios system • https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12019 – Advantech WebAccess Node Incorrect Permission Assignment Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2020-12019

14 May 2020 — WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. WebAccess Node versión 8.4.4 y anteriores, es vulnerable a un desbordamiento de búfer en la región stack de la memoria, que puede permitir a un atacante ejecutar código arbitrario remotamente This vulnerability allows local attackers to escalate privileges on affected installations of Advantech WebAccess Node. An attacker must first obtain the ability to exec... • https://www.us-cert.gov/ics/advisories/icsa-20-161-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 31%CPEs: 2EXPL: 0

CVE-2020-12002 – Advantech WebAccess/SCADA BwBacNetJ Stack-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-12002

08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la región stack de la memoria causada por una falta de comprobación apropiada de la longitud de los datos suministrados por el usua... • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-12018 – Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002722 Out-Of-Bounds Read Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2020-12018

08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presenta una vulnerabilidad de lectura fuera de límites que puede permitir el acceso a datos no autorizados. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 26%CPEs: 2EXPL: 0

CVE-2020-10638 – Advantech WebAccess/SCADA BwBacNetJ Heap-based Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-10638

08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la región heap de la memoria causada por una falta de comprobación apropiada de la longitud de los datos suministrados por el usuari... • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0

CVE-2020-12006 – Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002711 Command Injection Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-12006

08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de salto de ruta relativa que pueden permitir a un usuario con poco privilegio sobrescribir archivos fuera del control de la aplicación. This vulnerability allows remote attackers to execute... • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •