Filtered by vendor Advantech
Subscribe
Total
302 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8388 | 1 Advantech | 1 Webaccess | 2025-04-12 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. | |||||
| CVE-2016-4528 | 1 Advantech | 1 Webaccess | 2025-04-12 | 4.3 MEDIUM | 5.0 MEDIUM |
| Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. | |||||
| CVE-2014-0992 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. | |||||
| CVE-2014-2366 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | 4.0 MEDIUM | N/A |
| upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. | |||||
| CVE-2014-8386 | 1 Advantech | 1 Adamview | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file. | |||||
| CVE-2015-6476 | 1 Advantech | 14 Eki-1221, Eki-1221d, Eki-1222 and 11 more | 2025-04-12 | 10.0 HIGH | N/A |
| Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. | |||||
| CVE-2014-0771 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | 5.0 MEDIUM | N/A |
| The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. | |||||
| CVE-2016-0856 | 1 Advantech | 1 Webaccess | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-0488 | 2 Advantech, Indusoft | 2 Advantech Studio, Web Studio | 2025-04-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long request to TCP port 80. | |||||
| CVE-2011-4524 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 10.0 HIGH | N/A |
| Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. | |||||
| CVE-2012-1234 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | |||||
| CVE-2011-1914 | 1 Advantech | 3 Adam Opc Server, Modbus Rtu Opc Server, Modbus Tcp Opc Server | 2025-04-11 | 10.0 HIGH | N/A |
| Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-4522 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. | |||||
| CVE-2012-0241 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 5.0 MEDIUM | N/A |
| Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. | |||||
| CVE-2011-4526 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 10.0 HIGH | N/A |
| Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. | |||||
| CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 10.0 HIGH | N/A |
| GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-1235 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. | |||||
| CVE-2012-0234 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. | |||||
| CVE-2012-0237 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 6.4 MEDIUM | N/A |
| Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. | |||||