Shodan
Vulnerabilities
Vulnerable Software
Advantech:  Security Vulnerabilities
CVE-2020-10623
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-04-09
CVE-2020-10625
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-09
CVE-2020-10629
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-04-09
CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-04-09
CVE-2020-10621
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-09
CVE-2019-3942
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-04-01
CVE-2020-10607
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-03-27
CVE-2019-18257
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.
CVSS Score
9.8
EPSS Score
0.012
Published
2019-12-17
CVE-2019-3951
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
CVSS Score
9.8
EPSS Score
0.118
Published
2019-12-12
CVE-2019-18229
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
CVSS Score
6.5
EPSS Score
0.007
Published
2019-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved