CVE-2014-0766
- EPSS 2.67%
- Published 12.04.2014 04:37:31
- Last modified 06.05.2026 22:30:45
An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code.
CVE-2014-0765
- EPSS 2.67%
- Published 12.04.2014 04:37:31
- Last modified 06.05.2026 22:30:45
To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.
CVE-2014-0763
- EPSS 19.03%
- Published 12.04.2014 04:37:31
- Last modified 06.05.2026 22:30:45
An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL act...
CVE-2013-2299
- EPSS 1.5%
- Published 22.08.2013 05:34:59
- Last modified 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- EPSS 4.35%
- Published 21.02.2012 13:31:57
- Last modified 16.06.2026 23:36:58
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
- EPSS 0.51%
- Published 21.02.2012 13:31:57
- Last modified 16.06.2026 23:36:57
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- EPSS 1.29%
- Published 21.02.2012 13:31:57
- Last modified 16.06.2026 23:36:57
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."
CVE-2012-0237
- EPSS 1.31%
- Published 21.02.2012 13:31:57
- Last modified 16.06.2026 23:36:57
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
- EPSS 1.2%
- Published 21.02.2012 13:31:57
- Last modified 16.06.2026 23:36:58
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
- EPSS 4.36%
- Published 21.02.2012 13:31:57
- Last modified 16.06.2026 23:36:58
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.