CVE-2014-0766
- EPSS 1.18%
- Published 12.04.2014 04:37:31
- Last modified 19.09.2025 20:15:37
An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code.
CVE-2014-0765
- EPSS 1.18%
- Published 12.04.2014 04:37:31
- Last modified 19.09.2025 20:15:36
To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.
CVE-2014-0763
- EPSS 42.77%
- Published 12.04.2014 04:37:31
- Last modified 19.09.2025 19:15:37
An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL act...
CVE-2013-2299
- EPSS 0.49%
- Published 22.08.2013 05:34:59
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- EPSS 2.39%
- Published 21.02.2012 13:31:57
- Last modified 11.04.2025 00:51:21
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
- EPSS 0.07%
- Published 21.02.2012 13:31:57
- Last modified 11.04.2025 00:51:21
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- EPSS 0.24%
- Published 21.02.2012 13:31:57
- Last modified 11.04.2025 00:51:21
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."
CVE-2012-0237
- EPSS 0.24%
- Published 21.02.2012 13:31:57
- Last modified 11.04.2025 00:51:21
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.
- EPSS 0.18%
- Published 21.02.2012 13:31:57
- Last modified 11.04.2025 00:51:21
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.
- EPSS 0.93%
- Published 21.02.2012 13:31:57
- Last modified 11.04.2025 00:51:21
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.