Shodan
Vulnerabilities
Vulnerable Software
Advantech:  Security Vulnerabilities
CVE-2012-0243
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
CVSS Score
10.0
EPSS Score
0.02
Published
2012-02-21
CVE-2012-0244
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.
CVSS Score
7.5
EPSS Score
0.002
Published
2012-02-21
CVE-2012-1234
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
CVSS Score
6.5
EPSS Score
0.002
Published
2012-02-21
CVE-2012-1235
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.
CVSS Score
6.0
EPSS Score
0.001
Published
2012-02-21
CVE-2011-4524
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
CVSS Score
10.0
EPSS Score
0.02
Published
2012-02-21
CVE-2011-4525
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2012-02-21
CVE-2011-4526
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.
CVSS Score
10.0
EPSS Score
0.02
Published
2012-02-21
CVE-2012-0233
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.
CVSS Score
4.3
EPSS Score
0.002
Published
2012-02-21
CVE-2012-0234
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
CVSS Score
7.5
EPSS Score
0.002
Published
2012-02-21
CVE-2011-1914
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.011
Published
2012-02-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved