Shodan
Vulnerabilities
Vulnerable Software
Advantech:  Security Vulnerabilities
CVE-2017-5175
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
CVSS Score
7.8
EPSS Score
0.016
Published
2018-05-09
CVE-2018-8833
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVSS Score
7.8
EPSS Score
0.023
Published
2018-04-25
CVE-2018-8835
Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVSS Score
7.8
EPSS Score
0.021
Published
2018-04-25
CVE-2018-8837
Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution.
CVSS Score
7.8
EPSS Score
0.021
Published
2018-04-25
CVE-2018-6911
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).
CVSS Score
9.8
EPSS Score
0.13
Published
2018-02-13
CVE-2018-5443
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
CVSS Score
5.3
EPSS Score
0.012
Published
2018-01-25
CVE-2018-5445
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
CVSS Score
5.3
EPSS Score
0.019
Published
2018-01-25
CVE-2017-16732
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
CVSS Score
6.5
EPSS Score
0.014
Published
2018-01-12
CVE-2017-16736
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
CVSS Score
7.5
EPSS Score
0.018
Published
2018-01-12
CVE-2017-16716
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
CVSS Score
9.8
EPSS Score
0.06
Published
2018-01-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved