Advantech Webaccess/scada — known CVE vulnerabilities
Every CVE whose affected-product data names Advantech Webaccess/scada, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2021-32943 — CVSS 9.8 (critical): The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the…
CVE-2023-1437 — CVSS 9.8 (critical): All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent…
CVE-2019-6519 — CVSS 9.8 (critical): WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an…
CVE-2020-13555 — CVSS 8.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1…
CVE-2025-14849 — CVSS 8.8 (high): Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
CVE-2020-25161 — CVSS 8.8 (high): The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an…
CVE-2020-13551 — CVSS 8.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1…
CVE-2020-13552 — CVSS 8.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1…
CVE-2020-13553 — CVSS 8.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1…
CVE-2021-22669 — CVSS 8.8 (high): Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1…
CVE-2019-6521 — CVSS 8.6 (high): WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to…
CVE-2025-14850 — CVSS 8.1 (high): Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
CVE-2020-13554 — CVSS 7.8 (high): An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1…
CVE-2020-13550 — CVSS 7.7 (high): A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted…
CVE-2018-18999 — CVSS 7.3 (high): WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow…
CVE-2023-32628 — CVSS 7.2 (high): In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the…
CVE-2023-32540 — CVSS 7.2 (high): In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to…
CVE-2023-22450 — CVSS 7.2 (high): In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP…
CVE-2021-22674 — CVSS 6.5 (medium): The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and…
CVE-2021-32954 — CVSS 6.5 (medium): Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read…
CVE-2025-46268 — CVSS 6.3 (medium): Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
CVE-2021-32956 — CVSS 6.1 (medium): Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted…
CVE-2021-27436 — CVSS 6.1 (medium): WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code…
CVE-2021-22676 — CVSS 6.1 (medium): UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious…
CVE-2018-5445 — CVSS 5.3 (medium): A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files…
CVE-2018-5443 — CVSS 5.3 (medium): A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly…
CVE-2025-14848 — CVSS 4.3 (medium): Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of…
CVE-2025-67653 — CVSS 4.3 (medium): Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files.