| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. |
| An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. |
| An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. |
| A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address. |
| An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. |
| A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. |
| A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. |
| A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. |
| Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a
session is closed. Forging requests with a legitimate cookie, even if
the session was terminated, allows an unauthorized attacker to act with
the same level of privileges of the legitimate user. |
| Advantech ADAM 5550's web application includes a "logs" page where all
the HTTP requests received are displayed to the user. The device doesn't
correctly neutralize malicious code when parsing HTTP requests to
generate page output. |
| Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. |
| Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. |
| Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same
origin policy, which is designed to prevent different websites from
interfering with each other. |
| Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. |
| Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. |
| Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. |
| Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. |
| uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. |
