Webaccess/Nms
Approved changes feed: RSS · Atom
cpe:2.3:a:advantech:webaccess\/nms:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Advantech (fedf766b-bee1-5692-bcc7-1aa8d9dc594c) |
|---|---|
| Product | Webaccess/Nms (2b648c46-9d95-5667-b4da-8faabd986d39) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-32951 |
vulnerable | 2026-06-03 14:44:40.535177 |
Advantech WebAccess/NMS Improper Authentication
MEDIUM (5.3)
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
Published: 2021-10-27T00:54:22.837Z
Updated: 2024-09-16T20:48:04.366Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10631 |
vulnerable | 2026-06-03 14:41:00.157563 |
Details available
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
Published: 2020-04-09T13:08:55.000Z
Updated: 2024-08-04T11:06:10.432Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10629 |
vulnerable | 2026-06-03 14:41:00.152867 |
Details available
WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.
Published: 2020-04-09T13:12:17.000Z
Updated: 2024-08-04T11:06:10.190Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10625 |
vulnerable | 2026-06-03 14:41:00.143239 |
Details available
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.
Published: 2020-04-09T13:06:59.000Z
Updated: 2024-08-04T11:06:10.164Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10623 |
vulnerable | 2026-06-03 14:41:00.133433 |
Details available
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
Published: 2020-04-09T13:03:30.000Z
Updated: 2024-08-04T11:06:10.178Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10621 |
vulnerable | 2026-06-03 14:41:00.132878 |
Details available
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
Published: 2020-04-09T13:01:26.000Z
Updated: 2024-08-04T11:06:10.185Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10619 |
vulnerable | 2026-06-03 14:41:00.132300 |
Details available
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
Published: 2020-04-09T13:13:42.000Z
Updated: 2024-08-04T11:06:10.123Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10617 |
vulnerable | 2026-06-03 14:41:00.128927 |
Details available
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
Published: 2020-04-09T13:05:12.000Z
Updated: 2024-08-04T11:06:10.158Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-10603 |
vulnerable | 2026-06-03 14:41:00.091998 |
Details available
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
Published: 2020-04-09T13:10:53.000Z
Updated: 2024-08-04T11:06:10.057Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-8845 |
vulnerable | 2026-06-03 14:39:09.436581 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-17T04:20:14.985Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-8841 |
vulnerable | 2026-06-03 14:39:09.430796 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-16T16:14:04.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7505 |
vulnerable | 2026-06-03 14:39:06.984950 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-16T22:29:56.539Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7503 |
vulnerable | 2026-06-03 14:39:06.984238 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-16T17:24:19.997Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7501 |
vulnerable | 2026-06-03 14:39:06.979998 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-16T20:21:58.642Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7499 |
vulnerable | 2026-06-03 14:39:06.975587 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-16T20:58:20.098Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7497 |
vulnerable | 2026-06-03 14:39:06.972612 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-17T01:51:04.478Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-7495 |
vulnerable | 2026-06-03 14:39:06.969484 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-17T02:47:10.070Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10591 |
vulnerable | 2026-06-03 14:37:53.541602 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-16T18:19:27.437Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10590 |
vulnerable | 2026-06-03 14:37:53.541189 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-16T22:45:05.267Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10589 |
vulnerable | 2026-06-03 14:37:53.540682 |
Details available
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code.
Published: 2018-05-15T22:00:00.000Z
Updated: 2024-09-17T01:20:33.098Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.