Webaccess/Scada
Approved changes feed: RSS · Atom
cpe:2.3:a:advantech:webaccess\/scada:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Advantech (fedf766b-bee1-5692-bcc7-1aa8d9dc594c) |
|---|---|
| Product | Webaccess/Scada (eb40415d-1b79-5946-ba6d-49672f3502af) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-32628 |
vulnerable | 2026-06-03 14:51:59.425174 |
Details available
HIGH (7.2)
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
Published: 2023-06-05T23:14:00.388Z
Updated: 2025-01-08T14:22:34.205Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32540 |
vulnerable | 2026-06-03 14:51:59.190111 |
Details available
HIGH (7.2)
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
Published: 2023-06-05T23:16:28.045Z
Updated: 2025-01-08T14:22:14.896Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22450 |
vulnerable | 2026-06-03 14:49:19.245297 |
Details available
HIGH (7.2)
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
Published: 2023-06-05T23:17:47.003Z
Updated: 2025-01-08T14:21:41.605Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1437 |
vulnerable | 2026-06-03 14:48:55.542889 |
CVE-2023-1437
CRITICAL (9.8)
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
Published: 2023-08-02T22:30:43.978Z
Updated: 2024-08-02T05:49:11.643Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32956 |
vulnerable | 2026-06-03 14:44:40.541123 |
Details available
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
Published: 2021-06-18T13:52:51.000Z
Updated: 2024-08-03T23:33:55.949Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32954 |
vulnerable | 2026-06-03 14:44:40.538330 |
Details available
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
Published: 2021-06-18T13:53:01.000Z
Updated: 2024-08-03T23:33:55.935Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32943 |
vulnerable | 2026-06-03 14:44:40.525623 |
Details available
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
Published: 2021-08-10T14:03:48.000Z
Updated: 2024-08-03T23:33:55.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-27436 |
vulnerable | 2026-06-03 14:44:15.894125 |
Details available
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
Published: 2021-03-18T21:24:57.000Z
Updated: 2024-08-03T20:48:17.186Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22676 |
vulnerable | 2026-06-03 14:43:53.379126 |
Details available
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
Published: 2021-08-10T14:02:10.000Z
Updated: 2024-08-03T18:51:07.046Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22674 |
vulnerable | 2026-06-03 14:43:53.378268 |
Details available
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
Published: 2021-08-10T14:00:51.000Z
Updated: 2024-08-03T18:51:06.022Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-22669 |
vulnerable | 2026-06-03 14:43:53.365143 |
Details available
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
Published: 2021-04-26T18:59:08.000Z
Updated: 2024-08-03T18:51:06.922Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25161 |
vulnerable | 2026-06-03 14:42:08.564037 |
Details available
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
Published: 2021-02-23T16:14:20.000Z
Updated: 2024-08-04T15:26:09.779Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5445 |
vulnerable | 2026-06-03 14:38:57.812062 |
Details available
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
Published: 2018-01-25T03:00:00.000Z
Updated: 2024-08-05T05:33:44.377Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-5443 |
vulnerable | 2026-06-03 14:38:57.811676 |
Details available
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
Published: 2018-01-25T03:00:00.000Z
Updated: 2024-08-05T05:33:44.434Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.