CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1437 – CVE-2023-1437
https://notcve.org/view.php?id=CVE-2023-1437
02 Aug 2023 — All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22450
https://notcve.org/view.php?id=CVE-2023-22450
05 Jun 2023 — In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32540
https://notcve.org/view.php?id=CVE-2023-32540
05 Jun 2023 — In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32628
https://notcve.org/view.php?id=CVE-2023-32628
05 Jun 2023 — In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32954
https://notcve.org/view.php?id=CVE-2021-32954
18 Jun 2021 — Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. Advantech WebAccess/SCADA Versiones 9.0.1 y anteriores, es vulnerable a un salto de directorio, que puede permitir a un atacante leer remotamente archivos arbitrarios en el sistema de archivos • https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32956
https://notcve.org/view.php?id=CVE-2021-32956
18 Jun 2021 — Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. Advantech WebAccess/SCADA Versiones 9.0.1 y anteriores, es vulnerable a un redireccionamiento, que puede permitir a un atacante enviar una URL maliciosamente diseñada que podría resultar en redireccionar a un usuario a una página web maliciosa • https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22669
https://notcve.org/view.php?id=CVE-2021-22669
26 Apr 2021 — Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. Los permisos incorrectos son ajustados de forma predeterminada en la página "Project Management" del portal WebAccess/SCADA de WebAccess/SCADA Versiones 9.0.1 y anteriores, lo que puede permitir a un usuario poco privilegia... • https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13554
https://notcve.org/view.php?id=CVE-2020-13554
03 Mar 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En webvrpcs... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13555
https://notcve.org/view.php?id=CVE-2020-13555
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En COM Server Application Privilege Escal... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13553
https://notcve.org/view.php?id=CVE-2020-13553
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En Run Key ... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •