Advantech WebAccess
109 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-4215
all versions
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could
6.5
MEDIUM
CVE-2023-2866
all versions
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5
7.3
HIGH
CVE-2021-38389
<= 9.0.2
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remote
9.8
CRITICAL
CVE-2021-33023
<= 9.0.2
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotel
9.8
CRITICAL
CVE-2021-38408
<= 9.02
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation o
9.8
CRITICAL
CVE-2021-34540
all versions
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
6.1
MEDIUM
CVE-2020-16202
< 9.0.1
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allo
7.8
HIGH
CVE-2020-12019
<= 8.4.4
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely exe
9.8
CRITICAL
CVE-2020-12026
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may
8.8
HIGH
CVE-2020-12022
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an
9.8
CRITICAL
CVE-2020-12018
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to u
7.5
HIGH
CVE-2020-12014
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inj
7.5
HIGH
CVE-2020-12010
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may
7.1
HIGH
CVE-2020-12006
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may
9.8
CRITICAL
CVE-2020-12002
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist cause
9.8
CRITICAL
CVE-2020-10638
<= 8.4.4
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused
9.8
CRITICAL
CVE-2019-3942
all versions
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attac
7.5
HIGH
CVE-2020-10607
<= 8.4.2
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validatio
8.8
HIGH
CVE-2019-3951
< 8.4.3
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (m
9.8
CRITICAL
CVE-2019-13558
<= 8.4.1
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, whic
9.8
CRITICAL
CVE-2019-13556
<= 8.4.1
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validat
8.8
HIGH
CVE-2019-13552
<= 8.4.1
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of use
8.8
HIGH
CVE-2019-13550
<= 8.4.1
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive inform
9.8
CRITICAL
CVE-2019-3975
all versions
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code
9.8
CRITICAL
CVE-2019-10993
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to
9.8
CRITICAL
CVE-2019-10991
<= 8.3.5
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper
9.8
CRITICAL
CVE-2019-10989
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper va
9.8
CRITICAL
CVE-2019-10987
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validatio
8.8
HIGH
CVE-2019-10985
<= 8.3.5
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-su
9.1
CRITICAL
CVE-2019-10983
<= 8.3.5
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-
7.5
HIGH
CVE-2019-3954
all versions
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code
9.8
CRITICAL
CVE-2019-3953
all versions
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code
9.8
CRITICAL
CVE-2019-7219
all versions
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued
6.1
MEDIUM
CVE-2019-3941
all versions
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
7.5
HIGH
CVE-2019-3940
all versions
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker c
9.8
CRITICAL
CVE-2019-6554
<= 8.3.5
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a den
7.5
HIGH
CVE-2019-6552
<= 8.3.5
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper valida
9.8
CRITICAL
CVE-2019-6550
<= 8.3.5
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of pro
9.8
CRITICAL
CVE-2018-15707
all versions
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage
5.4
MEDIUM
CVE-2018-15706
all versions
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem du
6.5
MEDIUM
CVE-2018-15705
all versions
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the
6.5
MEDIUM
CVE-2018-17910
<= 8.3.2
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer
7.8
HIGH
CVE-2018-17908
<= 8.3.2
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-en
7.8
HIGH
CVE-2018-14828
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access th
7.8
HIGH
CVE-2018-14820
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerabil
7.5
HIGH
CVE-2018-14816
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may
9.8
CRITICAL
CVE-2018-14806
<= 8.3.1
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.
9.8
CRITICAL
CVE-2018-15704
<= 8.3.2
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could
8.8
HIGH
CVE-2018-15703
<= 8.3.2
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthentic
6.1
MEDIUM
CVE-2018-8845
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-8841
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.8
HIGH
CVE-2018-7505
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7503
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-7501
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-7499
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7497
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7495
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-10591
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
6.1
MEDIUM
CVE-2018-10590
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-10589
<= 8.2_20170817
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2017-5175
<= 8.1
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file
7.8
HIGH
CVE-2018-6911
all versions
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands
9.8
CRITICAL
CVE-2017-16736
< 8.3
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess al
7.5
HIGH
CVE-2017-16732
< 8.3
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker t
6.5
MEDIUM
CVE-2017-16753
< 8.3
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that
7.5
HIGH
CVE-2017-16728
< 8.3
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabili
7.5
HIGH
CVE-2017-16724
< 8.3
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a
9.8
CRITICAL
CVE-2017-16720
<= 8.3.2
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the director
9.8
CRITICAL
CVE-2017-16716
< 8.3
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL c
9.8
CRITICAL
CVE-2017-14016
< 8.2_20170817
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks p
6.3
MEDIUM
CVE-2017-12719
< 8.2_20170817
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is
7.5
HIGH
CVE-2017-12717
<= 8.2
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously cra
7.8
HIGH
CVE-2017-12713
<= 8.2
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_201708
7.8
HIGH
CVE-2017-12711
<= 8.2
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user acc
7.8
HIGH
CVE-2017-12710
<= 8.2
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted par
7.5
HIGH
CVE-2017-12708
<= 8.2
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions pr
9.8
CRITICAL
CVE-2017-12706
<= 8.2
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identi
9.8
CRITICAL
CVE-2017-12704
<= 8.2
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identif
8.8
HIGH
CVE-2017-12702
<= 8.2
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format
8.8
HIGH
CVE-2017-12698
<= 8.2
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests
9.8
CRITICAL
CVE-2017-7929
<= 8.1
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerab
7.1
HIGH
CVE-2016-5810
<= 8.1
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password i
4.9
MEDIUM
CVE-2017-5154
all versions
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker mus
9.8
CRITICAL
CVE-2017-5152
all versions
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web serv
9.1
CRITICAL
CVE-2016-5817
<= 2016-08-09
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitra
9.8
CRITICAL
CVE-2016-4528
<= 8.1
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.
5.0
MEDIUM
CVE-2016-4525
<= 8.1
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive infor
6.6
MEDIUM
CVE-2016-0860
<= 8.0
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service v
7.5
HIGH
CVE-2016-0859
<= 8.0
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or caus
9.8
CRITICAL
CVE-2016-0858
<= 8.0
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (b
8.1
HIGH
CVE-2016-0857
<= 8.0
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspec
9.8
CRITICAL
CVE-2016-0856
<= 8.0
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspe
9.8
CRITICAL
CVE-2016-0855
<= 8.0
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory fi
7.5
HIGH
CVE-2016-0854
<= 8.0
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard
9.8
CRITICAL
CVE-2016-0853
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.
7.5
HIGH
CVE-2016-0852
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder
7.5
HIGH
CVE-2016-0851
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified
7.5
HIGH
CVE-2015-6467
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.
8.1
HIGH
CVE-2015-3948
<= 8.0
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary w
5.4
MEDIUM
CVE-2015-3947
<= 8.0
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands
8.1
HIGH
CVE-2015-3946
<= 8.0
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentica
8.8
HIGH
CVE-2015-3943
<= 8.0
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via u
5.3
MEDIUM
CVE-2014-9202
all versions
Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers
CVE-2014-9208
<= 8.0
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execu
CVE-2014-9360
all versions
XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitra
CVE-2014-9352
all versions
Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote at
CVE-2014-8388
<= 7.2
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arb
CVE-2014-5449
all versions
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to
CVE-2011-4041
all versions
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin