Advantech Advantech Webaccess — known CVE vulnerabilities
Every CVE whose affected-product data names Advantech Advantech Webaccess, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (44)
CVE-2012-0240 — CVSS 10.0 (critical): GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to…
CVE-2012-0238 — CVSS 10.0 (critical): Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via…
CVE-2012-0243 — CVSS 10.0 (critical): Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute…
CVE-2011-4524 — CVSS 10.0 (critical): Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in…
CVE-2011-4525 — CVSS 10.0 (critical): Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a…
CVE-2011-4526 — CVSS 10.0 (critical): Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via…
CVE-2012-0242 — CVSS 10.0 (critical): Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string…
CVE-2014-2366 — CVSS 9.0 (critical): upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
CVE-2011-4521 — CVSS 7.5 (high): SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via…
CVE-2012-0234 — CVSS 7.5 (high): SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a…
CVE-2012-0244 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands…
CVE-2014-0763 — CVSS 7.5 (high): An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through…
CVE-2014-0764 — CVSS 7.5 (high): By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may…
CVE-2014-0765 — CVSS 7.5 (high): To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long…
CVE-2014-0766 — CVSS 7.5 (high): An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to…
CVE-2014-0767 — CVSS 7.5 (high): An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow…
CVE-2014-0768 — CVSS 7.5 (high): An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker…
CVE-2014-0770 — CVSS 7.5 (high): By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may…
CVE-2014-0771 — CVSS 7.5 (high): The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its…
CVE-2014-0773 — CVSS 7.5 (high): The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker…
CVE-2014-2364 — CVSS 7.5 (high): Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string…
CVE-2014-2367 — CVSS 7.5 (high): The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers…
CVE-2014-2368 — CVSS 7.5 (high): The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files…
CVE-2012-1234 — CVSS 6.5 (medium): SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a…
CVE-2014-2365 — CVSS 6.5 (medium): Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via…
CVE-2012-0237 — CVSS 6.4 (medium): Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing…
CVE-2012-0235 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the…
CVE-2012-0236 — CVSS 5.0 (medium): Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE…
CVE-2012-0241 — CVSS 5.0 (medium): Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream…
CVE-2012-0239 — CVSS 5.0 (medium): uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to…
CVE-2014-0772 — CVSS 5.0 (medium): The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its…
CVE-2011-4523 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject…
CVE-2011-4522 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject…
CVE-2012-0233 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script…
CVE-2013-2299 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote…