Shodan
Vulnerabilities
Vulnerable Software
Advantech:  Security Vulnerabilities
CVE-2013-2299
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.005
Published
2013-08-22
CVE-2013-1627
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
CVSS Score
7.8
EPSS Score
0.09
Published
2013-03-11
CVE-2012-0235
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
6.0
EPSS Score
0.001
Published
2012-02-21
CVE-2012-0236
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."
CVSS Score
5.0
EPSS Score
0.002
Published
2012-02-21
CVE-2012-0237
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
CVSS Score
6.4
EPSS Score
0.002
Published
2012-02-21
CVE-2012-0238
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.02
Published
2012-02-21
CVE-2012-0239
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
CVSS Score
5.0
EPSS Score
0.002
Published
2012-02-21
CVE-2012-0240
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.008
Published
2012-02-21
CVE-2012-0241
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
CVSS Score
5.0
EPSS Score
0.092
Published
2012-02-21
CVE-2012-0242
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
CVSS Score
10.0
EPSS Score
0.107
Published
2012-02-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved