Advantech: Security Vulnerabilities
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-05-15
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-05-09
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVSS Score
7.8
EPSS Score
0.008
Published
2018-04-25
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-04-25
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-04-25
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
CVSS Score
9.8
EPSS Score
0.302
Published
2018-02-13
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-01-25
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
CVSS Score
5.3
EPSS Score
0.011
Published
2018-01-25
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-01-12
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-01-12