Vulnerabilities (CVE)

Filtered by vendor Advantech Subscribe
Total 302 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0851 1 Advantech 1 Webaccess 2025-04-12 7.8 HIGH 7.5 HIGH
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors.
CVE-2016-0853 1 Advantech 1 Webaccess 2025-04-12 5.0 MEDIUM 7.5 HIGH
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input.
CVE-2014-0765 1 Advantech 1 Advantech Webaccess 2025-04-12 7.5 HIGH N/A
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument.
CVE-2014-0767 1 Advantech 1 Advantech Webaccess 2025-04-12 7.5 HIGH N/A
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument.
CVE-2014-0985 1 Advantech 1 Advantech Webaccess 2025-04-12 6.8 MEDIUM N/A
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.
CVE-2014-9202 1 Advantech 1 Webaccess 2025-04-12 6.9 MEDIUM N/A
Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.
CVE-2015-3948 1 Advantech 1 Webaccess 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2364 1 Advantech 1 Advantech Webaccess 2025-04-12 7.5 HIGH N/A
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
CVE-2014-0764 1 Advantech 1 Advantech Webaccess 2025-04-12 7.5 HIGH N/A
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter.
CVE-2012-1235 1 Advantech 1 Advantech Webaccess 2025-04-11 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.
CVE-2012-0234 1 Advantech 1 Advantech Webaccess 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
CVE-2011-4522 1 Advantech 1 Advantech Webaccess 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2012-0242 1 Advantech 1 Advantech Webaccess 2025-04-11 10.0 HIGH N/A
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
CVE-2011-4524 1 Advantech 1 Advantech Webaccess 2025-04-11 10.0 HIGH N/A
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
CVE-2012-1234 1 Advantech 1 Advantech Webaccess 2025-04-11 6.5 MEDIUM N/A
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
CVE-2012-0241 1 Advantech 1 Advantech Webaccess 2025-04-11 5.0 MEDIUM N/A
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.
CVE-2012-0235 1 Advantech 1 Advantech Webaccess 2025-04-11 6.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-4521 1 Advantech 1 Advantech Webaccess 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.
CVE-2011-4523 1 Advantech 1 Advantech Webaccess 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2012-0238 1 Advantech 1 Advantech Webaccess 2025-04-11 10.0 HIGH N/A
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.