Shodan
Vulnerabilities
Vulnerable Software
Advantech:  Security Vulnerabilities
CVE-2019-3941
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
CVSS Score
7.5
EPSS Score
0.024
Published
2019-04-09
CVE-2019-6550
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.061
Published
2019-04-05
CVE-2019-6552
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.033
Published
2019-04-05
CVE-2019-6554
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
CVSS Score
7.5
EPSS Score
0.016
Published
2019-04-05
CVE-2019-6519
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
CVSS Score
9.8
EPSS Score
0.028
Published
2019-02-05
CVE-2019-6521
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
CVSS Score
8.6
EPSS Score
0.019
Published
2019-02-05
CVE-2019-6523
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
CVSS Score
9.8
EPSS Score
0.02
Published
2019-02-05
CVE-2018-18999
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
CVSS Score
7.3
EPSS Score
0.023
Published
2018-12-19
CVE-2018-15705
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.
CVSS Score
6.5
EPSS Score
0.122
Published
2018-10-31
CVE-2018-15706
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
CVSS Score
6.5
EPSS Score
0.324
Published
2018-10-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved