Webaccess/Scada
Approved changes feed: RSS · Atom
cpe:2.3:a:advantech:webaccess/scada:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Advantech (fedf766b-bee1-5692-bcc7-1aa8d9dc594c) |
|---|---|
| Product | Webaccess/Scada (eb40415d-1b79-5946-ba6d-49672f3502af) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6888 |
vulnerable | 2026-06-03 15:27:55.853398 |
SQL Injection Vulnerability
HIGH (7.2)
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to
execute arbitrary commands via a specific interface,
potentially enabling the attacker to access, modify, or delete sensitive
information within the database.
Published: 2026-05-13T03:16:24.701Z
Updated: 2026-05-13T14:35:53.880Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67653 |
vulnerable | 2026-06-03 15:11:02.156405 |
Advantech WebAccess/SCADA Path Traversal
MEDIUM (4.3)
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files.
Published: 2025-12-18T20:38:12.958Z
Updated: 2025-12-18T21:46:25.952Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46268 |
vulnerable | 2026-06-03 15:01:19.395617 |
Advantech WebAccess/SCADA SQL Injection
MEDIUM (6.3)
Advantech WebAccess/SCADA
is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
Published: 2025-12-18T20:35:36.866Z
Updated: 2025-12-18T21:46:32.063Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14850 |
vulnerable | 2026-06-03 14:58:56.039362 |
Advantech WebAccess/SCADA Improper Limitation of a Pathname to a Restricted Directory
HIGH (8.1)
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
Published: 2025-12-18T20:30:56.575Z
Updated: 2025-12-18T21:46:52.446Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14849 |
vulnerable | 2026-06-03 14:58:56.038982 |
Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type
HIGH (8.8)
Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
Published: 2025-12-18T20:32:38.746Z
Updated: 2025-12-18T21:46:46.491Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14848 |
vulnerable | 2026-06-03 14:58:56.037539 |
Advantech WebAccess/SCADA Absolute Path Traversal
MEDIUM (4.3)
Advantech WebAccess/SCADA
is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.
Published: 2025-12-18T20:34:03.497Z
Updated: 2025-12-18T21:46:40.178Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2453 |
vulnerable | 2026-06-03 14:55:29.286234 |
Advantech WebAccess/SCADA SQL Injection
MEDIUM (6.4)
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
Published: 2024-03-21T22:39:15.488Z
Updated: 2024-08-01T19:11:53.526Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32628 |
vulnerable | 2026-06-03 14:51:59.425023 |
Details available
HIGH (7.2)
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
Published: 2023-06-05T23:14:00.388Z
Updated: 2025-01-08T14:22:34.205Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32540 |
vulnerable | 2026-06-03 14:51:59.189209 |
Details available
HIGH (7.2)
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
Published: 2023-06-05T23:16:28.045Z
Updated: 2025-01-08T14:22:14.896Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2866 |
vulnerable | 2026-06-03 14:51:44.556004 |
Advantech WebAccess Insufficient Type Distinction
HIGH (7.3)
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
Published: 2023-06-07T20:12:46.824Z
Updated: 2025-01-16T21:32:10.686Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22450 |
vulnerable | 2026-06-03 14:49:19.244480 |
Details available
HIGH (7.2)
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
Published: 2023-06-05T23:17:47.003Z
Updated: 2025-01-08T14:21:41.605Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1437 |
vulnerable | 2026-06-03 14:48:55.542145 |
CVE-2023-1437
CRITICAL (9.8)
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
Published: 2023-08-02T22:30:43.978Z
Updated: 2024-08-02T05:49:11.643Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-6554 |
vulnerable | 2026-06-03 14:40:39.673950 |
Details available
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.
Published: 2019-04-05T18:15:35.000Z
Updated: 2024-08-04T20:23:21.684Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-6552 |
vulnerable | 2026-06-03 14:40:39.671645 |
Details available
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution.
Published: 2019-04-05T18:02:39.000Z
Updated: 2024-08-04T20:23:22.066Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-6550 |
vulnerable | 2026-06-03 14:40:39.667741 |
Details available
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution.
Published: 2019-04-05T18:09:34.000Z
Updated: 2024-08-04T20:23:21.543Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3975 |
vulnerable | 2026-06-03 14:40:28.015495 |
Details available
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message.
Published: 2019-09-10T15:55:33.000Z
Updated: 2024-08-04T19:26:27.639Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.