Shodan
Vulnerabilities
Vulnerable Software
Advantech:  Security Vulnerabilities
CVE-2020-10625
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
CVSS Score
9.8
EPSS Score
0.016
Published
2020-04-09
CVE-2020-10629
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-04-09
CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
CVSS Score
9.8
EPSS Score
0.015
Published
2020-04-09
CVE-2020-10621
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
CVSS Score
9.8
EPSS Score
0.016
Published
2020-04-09
CVE-2019-3942
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-04-01
CVE-2020-10607
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVSS Score
8.8
EPSS Score
0.021
Published
2020-03-27
CVE-2019-18257
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.
CVSS Score
9.8
EPSS Score
0.028
Published
2019-12-17
CVE-2019-3951
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
CVSS Score
9.8
EPSS Score
0.036
Published
2019-12-12
CVE-2019-18229
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
CVSS Score
6.5
EPSS Score
0.024
Published
2019-10-31
CVE-2019-18227
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
CVSS Score
7.5
EPSS Score
0.031
Published
2019-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved