threat
engine
.sh
Back
·
··:··
Home
/
Product
/
advantech webaccess\/scada
Product
advantech webaccess\/scada
41 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-67653
all versions
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitra
4.3
MEDIUM
CVE-2025-46268
all versions
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
6.3
MEDIUM
CVE-2025-14850
all versions
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
8.1
HIGH
CVE-2025-14849
all versions
Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary c
8.8
HIGH
CVE-2025-14848
all versions
Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of
4.3
MEDIUM
CVE-2023-1437
< 9.1.4
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client
9.8
CRITICAL
CVE-2023-32628
<= 9.1.3
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modi
7.2
HIGH
CVE-2023-32540
<= 9.1.3
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to
7.2
HIGH
CVE-2023-22450
<= 9.1.3
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to uplo
7.2
HIGH
CVE-2021-38431
<= 9.0.3
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names
4.3
MEDIUM
CVE-2021-32943
< 8.4.5
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary cod
9.8
CRITICAL
CVE-2021-22676
< 8.4.5
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicio
6.1
MEDIUM
CVE-2021-22674
< 8.4.5
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized file
6.5
MEDIUM
CVE-2021-32956
<= 9.0.1
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously
6.1
MEDIUM
CVE-2021-32954
<= 9.0.1
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely
6.5
MEDIUM
CVE-2021-22669
<= 9.0.1
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Version
8.8
HIGH
CVE-2021-27436
<= 9.0
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaSc
6.1
MEDIUM
CVE-2020-13554
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 in
7.8
HIGH
CVE-2020-25161
< 9.0.1
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in a
8.8
HIGH
CVE-2020-13555
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 in
8.8
HIGH
CVE-2020-13553
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 in
8.8
HIGH
CVE-2020-13552
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 in
8.8
HIGH
CVE-2020-13551
all versions
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 in
8.8
HIGH
CVE-2020-13550
all versions
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially craf
7.7
HIGH
CVE-2019-6523
all versions
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
9.8
CRITICAL
CVE-2019-6521
all versions
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker
8.6
HIGH
CVE-2019-6519
all versions
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass al
9.8
CRITICAL
CVE-2018-18999
all versions
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input
7.3
HIGH
CVE-2018-8845
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-8841
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.8
HIGH
CVE-2018-7505
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7503
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-7501
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-7499
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7497
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-7495
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-10591
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
6.1
MEDIUM
CVE-2018-10590
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
7.5
HIGH
CVE-2018-10589
< 8.3.1
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.1
9.8
CRITICAL
CVE-2018-5445
< 8.2_20170817
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to
5.3
MEDIUM
CVE-2018-5443
< 8.2_20170817
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not proper
5.3
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin