Advantech

Webaccess/scada

30 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-13553

Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:29

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace...

8.8

CVE-2020-13552

Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:28

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker ca...

8.8

CVE-2020-13551

Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:28

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules t...

7.7

CVE-2020-13550

Exploit
  • EPSS 0.26%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:28

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this v...

9.8

CVE-2019-6523

  • EPSS 0.74%
  • Veröffentlicht 05.02.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:46:37

WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.

8.6

CVE-2019-6521

  • EPSS 1.66%
  • Veröffentlicht 05.02.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:46:37

WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.

9.8

CVE-2019-6519

  • EPSS 3.06%
  • Veröffentlicht 05.02.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:46:36

WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.

7.5

CVE-2018-18999

  • EPSS 0.38%
  • Veröffentlicht 19.12.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:57:00

WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.

5.3

CVE-2018-5443

  • EPSS 0.14%
  • Veröffentlicht 25.01.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:48

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

5.3

CVE-2018-5445

  • EPSS 1.07%
  • Veröffentlicht 25.01.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:49

A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.