Shodan
Vulnerabilities
Vulnerable Software
Advantech:  >> Webaccess/nms  Security Vulnerabilities
CVE-2021-32951
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-10-27
CVE-2020-10603
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-04-09
CVE-2020-10617
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-04-09
CVE-2020-10619
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
CVSS Score
9.1
EPSS Score
0.019
Published
2020-04-09
CVE-2020-10623
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-04-09
CVE-2020-10625
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-09
CVE-2020-10629
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-04-09
CVE-2020-10631
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-04-09
CVE-2020-10621
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-09
CVE-2018-10589
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.035
Published
2018-05-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved