CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2866 – Advantech WebAccess Insufficient Type Distinction
https://notcve.org/view.php?id=CVE-2023-2866
07 Jun 2023 — If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-150-01 • CWE-345: Insufficient Verification of Data Authenticity CWE-351: Insufficient Type Distinction •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38389 – Advantech WebAccess
https://notcve.org/view.php?id=CVE-2021-38389
18 Oct 2021 — Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess versiones 9.02 y anteriores, son vulnerables a un desbordamiento del búfer en la región stack de la memoria, que podría permitir a un atacante ejecutar código de forma remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vuln... • https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33023 – Advantech WebAccess
https://notcve.org/view.php?id=CVE-2021-33023
18 Oct 2021 — Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess versiones 9.02 y anteriores, son vulnerables a un desbordamiento del búfer en la región heap de la memoria, que puede permitir a un atacante ejecutar código de forma remota This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnera... • https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38408 – Advantech WebAccess BwFLApp Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-38408
03 Sep 2021 — A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Advantech WebAccess versiones 9.02 y anteriores, causada por una falta de comprobación apropiada de la longitud de los datos suministrados por el usuario puede permitir una ejecución de código remota This vulnerability allows remote... • https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16202
https://notcve.org/view.php?id=CVE-2020-16202
22 Sep 2020 — WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. WebAccess Node (todas las versiones anteriores a 9.0.1) presenta permisos incorrectos establecidos para los recursos usados por servicios específicos, lo que puede permitir una ejecución de código con privilegios system • https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12022 – Advantech WebAccess/SCADA DATACORE IOCTL 0x0000521e Improper Validation of Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12022
08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presenta una vulnerabilidad de comprobación inapropiada que podría permitir a un atacante inyectar información especialmente diseñada dentro de la memoria donde pueda ser ejecutada. This vulnerability allows remote attackers to... • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-129: Improper Validation of Array Index •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12014 – Advantech WebAccess/SCADA BwWebSvc IOCTL 0x00013c76 IOCTL 0x00013c77 SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-12014
08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Una entrada no está apropiadamente saneada y puede permitir a un atacante inyectar comandos SQL. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12018 – Advantech WebAccess/SCADA DrawSrv IOCTL 0x00002722 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-12018
08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presenta una vulnerabilidad de lectura fuera de límites que puede permitir el acceso a datos no autorizados. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 26%CPEs: 2EXPL: 0CVE-2020-10638 – Advantech WebAccess/SCADA BwBacNetJ Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10638
08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la región heap de la memoria causada por una falta de comprobación apropiada de la longitud de los datos suministrados por el usuari... • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 31%CPEs: 2EXPL: 0CVE-2020-12002 – Advantech WebAccess/SCADA BwBacNetJ Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12002
08 May 2020 — Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node, versiones 8.4.4 y anteriores, versión 9.0.0. Se presentan múltiples vulnerabilidades de desbordamiento del búfer en la región stack de la memoria causada por una falta de comprobación apropiada de la longitud de los datos suministrados por el usua... • https://www.us-cert.gov/ics/advisories/icsa-20-128-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •