Advantech: Security Vulnerabilities
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
CVSS Score
7.5
EPSS Score
0.035
Published
2019-10-31
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-10-31
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
CVSS Score
9.8
EPSS Score
0.01
Published
2019-10-31
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-26
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-26
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-09-26
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-09-18
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-18
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVSS Score
8.8
EPSS Score
0.016
Published
2019-09-18
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-09-18

