Every CVE whose affected-product data names Advantech Webaccess, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (103)
CVE-2014-9208 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute…
CVE-2018-8845 — CVSS 9.8 (critical): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2016-0854 — CVSS 9.8 (critical): Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer…
CVE-2021-33023 — CVSS 9.8 (critical): Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute…
CVE-2020-12006 — CVSS 9.8 (critical): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a…
CVE-2017-16716 — CVSS 9.8 (critical): A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.
CVE-2017-16720 — CVSS 9.8 (critical): A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory…
CVE-2017-16724 — CVSS 9.8 (critical): A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a…
CVE-2020-12002 — CVSS 9.8 (critical): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a…
CVE-2021-38408 — CVSS 9.8 (critical): A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the…
CVE-2017-5154 — CVSS 9.8 (critical): An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply…
CVE-2020-10638 — CVSS 9.8 (critical): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a…
CVE-2018-10589 — CVSS 9.8 (critical): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2021-38389 — CVSS 9.8 (critical): Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely…
CVE-2018-14806 — CVSS 9.8 (critical): Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
CVE-2018-14816 — CVSS 9.8 (critical): Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an…
CVE-2018-7505 — CVSS 9.8 (critical): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2019-6552 — CVSS 9.8 (critical): Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of…
CVE-2019-6550 — CVSS 9.8 (critical): Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper…
CVE-2019-3975 — CVSS 9.8 (critical): Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a…
CVE-2019-3954 — CVSS 9.8 (critical): Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by…
CVE-2018-6911 — CVSS 9.8 (critical): The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a…
CVE-2018-7497 — CVSS 9.8 (critical): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2018-7499 — CVSS 9.8 (critical): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2016-0856 — CVSS 9.8 (critical): Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified…
CVE-2016-0857 — CVSS 9.8 (critical): Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified…
CVE-2019-10989 — CVSS 9.8 (critical): In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation…
CVE-2019-10991 — CVSS 9.8 (critical): In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper…
CVE-2019-10993 — CVSS 9.8 (critical): In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute…
CVE-2019-13550 — CVSS 9.8 (critical): In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information…
CVE-2019-13558 — CVSS 9.8 (critical): In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may…
CVE-2019-3940 — CVSS 9.8 (critical): Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use…
CVE-2016-0859 — CVSS 9.8 (critical): Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a…
CVE-2019-3951 — CVSS 9.8 (critical): Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory…
CVE-2019-3953 — CVSS 9.8 (critical): Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by…
CVE-2020-12022 — CVSS 9.8 (critical): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker…
CVE-2020-12019 — CVSS 9.8 (critical): WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute…
CVE-2017-12698 — CVSS 9.8 (critical): An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a…
CVE-2017-12706 — CVSS 9.8 (critical): A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified…
CVE-2017-12708 — CVSS 9.8 (critical): An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to…
CVE-2019-10985 — CVSS 9.1 (critical): In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied…
CVE-2017-5152 — CVSS 9.1 (critical): An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a…
CVE-2019-10987 — CVSS 8.8 (high): In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the…
CVE-2017-12704 — CVSS 8.8 (high): A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified…
CVE-2017-12702 — CVSS 8.8 (high): An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format…
CVE-2019-13552 — CVSS 8.8 (high): In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of…
CVE-2019-13556 — CVSS 8.8 (high): In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of…
CVE-2018-15704 — CVSS 8.8 (high): Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could…
CVE-2020-12026 — CVSS 8.8 (high): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a…
CVE-2020-10607 — CVSS 8.8 (high): In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the…
CVE-2015-3946 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of…
CVE-2016-0858 — CVSS 8.1 (high): Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer…
CVE-2015-3947 — CVSS 8.1 (high): SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via…
CVE-2015-6467 — CVSS 8.1 (high): Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
CVE-2020-16202 — CVSS 7.8 (high): WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code…
CVE-2018-17910 — CVSS 7.8 (high): WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow…
CVE-2017-12711 — CVSS 7.8 (high): An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has…
CVE-2017-5175 — CVSS 7.8 (high): Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within…
CVE-2018-17908 — CVSS 7.8 (high): WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it…
CVE-2017-12717 — CVSS 7.8 (high): An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll…
CVE-2017-12713 — CVSS 7.8 (high): An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817…
CVE-2018-8841 — CVSS 7.8 (high): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2018-14828 — CVSS 7.8 (high): Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files…
CVE-2016-0855 — CVSS 7.5 (high): Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via…
CVE-2016-0851 — CVSS 7.5 (high): Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.
CVE-2016-0852 — CVSS 7.5 (high): Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access…
CVE-2016-0853 — CVSS 7.5 (high): Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.
CVE-2016-0860 — CVSS 7.5 (high): Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a…
CVE-2017-12710 — CVSS 7.5 (high): A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter…
CVE-2017-12719 — CVSS 7.5 (high): An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to…
CVE-2017-16728 — CVSS 7.5 (high): An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that…
CVE-2017-16736 — CVSS 7.5 (high): An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a…
CVE-2017-16753 — CVSS 7.5 (high): An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause…
CVE-2018-10590 — CVSS 7.5 (high): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2018-14820 — CVSS 7.5 (high): Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability…
CVE-2018-7495 — CVSS 7.5 (high): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2018-7501 — CVSS 7.5 (high): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2018-7503 — CVSS 7.5 (high): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2019-10983 — CVSS 7.5 (high): In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied…
CVE-2019-3941 — CVSS 7.5 (high): Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
CVE-2019-3942 — CVSS 7.5 (high): Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can…
CVE-2019-6554 — CVSS 7.5 (high): Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a…
CVE-2020-12014 — CVSS 7.5 (high): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL…
CVE-2020-12018 — CVSS 7.5 (high): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to…
CVE-2023-2866 — CVSS 7.3 (high): If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web…
CVE-2014-8388 — CVSS 7.2 (high): Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary…
CVE-2020-12010 — CVSS 7.1 (high): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an…
CVE-2017-7929 — CVSS 7.1 (high): An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has…
CVE-2014-9202 — CVSS 6.9 (medium): Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to…
CVE-2016-4525 — CVSS 6.6 (medium): Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or…
CVE-2018-15706 — CVSS 6.5 (medium): WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a…
CVE-2017-16732 — CVSS 6.5 (medium): A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify…
CVE-2023-4215 — CVSS 6.5 (medium): Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user…
CVE-2018-15705 — CVSS 6.5 (medium): WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the…
CVE-2017-14016 — CVSS 6.3 (medium): A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper…
CVE-2018-15703 — CVSS 6.1 (medium): Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated…
CVE-2018-10591 — CVSS 6.1 (medium): In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and…
CVE-2021-34540 — CVSS 6.1 (medium): Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
CVE-2018-15707 — CVSS 5.4 (medium): Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this…
CVE-2015-3948 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script…
CVE-2015-3943 — CVSS 5.3 (medium): Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via…
CVE-2016-4528 — CVSS 5.0 (medium): Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
CVE-2016-5810 — CVSS 4.9 (medium): upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password…