Advantech: >> Webaccess >> 6.0 Security Vulnerabilities
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-05-08
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.
CVSS Score
8.8
EPSS Score
0.019
Published
2020-05-08
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVSS Score
8.8
EPSS Score
0.008
Published
2020-03-27
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
CVSS Score
9.8
EPSS Score
0.118
Published
2019-12-12
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVSS Score
8.8
EPSS Score
0.012
Published
2019-09-18
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVSS Score
9.8
EPSS Score
0.008
Published
2019-09-18
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVSS Score
8.8
EPSS Score
0.016
Published
2019-09-18
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-09-18
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-06-28