CVEdetails.com the ultimate security vulnerability data source

Advantech : Security Vulnerabilities Published In 2019

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2019-18257 | 787 | | Exec Code Overflow | 2019-12-17 | 2020-10-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server. |
| 2 | CVE-2019-18229 | 89 | | Sql | 2019-10-31 | 2021-05-13 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input causes SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. |
| 3 | CVE-2019-18227 | 611 | | | 2019-10-31 | 2021-05-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. |
| 4 | CVE-2019-16901 | 755 | | | 2019-09-26 | 2019-09-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. |
| 5 | CVE-2019-16900 | | | | 2019-09-26 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. |
| 6 | CVE-2019-16899 | | | | 2019-09-26 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. |
| 7 | CVE-2019-13558 | 94 | | Exec Code | 2019-09-18 | 2019-10-09 | 9.0 | None | Remote | Low | Not required | Partial | Partial | Complete | In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. |
| 8 | CVE-2019-13556 | 787 | | Exec Code Overflow | 2019-09-18 | 2020-10-16 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. |
| 9 | CVE-2019-13552 | 78 | | Exec Code | 2019-09-18 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. |
| 10 | CVE-2019-13551 | 22 | | Exec Code Dir. Trav. | 2019-10-31 | 2021-05-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. |
| 11 | CVE-2019-13550 | | | Exec Code | 2019-09-18 | 2020-10-16 | 9.0 | None | Remote | Low | Not required | Partial | Partial | Complete | In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. |
| 12 | CVE-2019-13547 | 306 | | | 2019-10-31 | 2021-05-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication. |
| 13 | CVE-2019-10993 | 476 | | Exec Code | 2019-06-28 | 2019-07-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. |
| 14 | CVE-2019-10991 | 787 | | Exec Code Overflow | 2019-06-28 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. |
| 15 | CVE-2019-10989 | 787 | | Exec Code Overflow | 2019-06-28 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. |
| 16 | CVE-2019-10987 | 787 | | Exec Code | 2019-06-28 | 2019-07-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. |
| 17 | CVE-2019-10985 | 22 | | Dir. Trav. | 2019-06-28 | 2019-07-02 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. |
| 18 | CVE-2019-10983 | 125 | | | 2019-06-28 | 2019-07-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. |
| 19 | CVE-2019-10961 | 787 | | Exec Code | 2019-08-02 | 2019-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user-supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. |
| 20 | CVE-2019-6554 | | | | 2019-04-05 | 2020-10-16 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. |
| 21 | CVE-2019-6552 | 78 | | Exec Code | 2019-04-05 | 2020-10-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. |
| 22 | CVE-2019-6550 | 787 | | Exec Code Overflow | 2019-04-05 | 2020-10-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. |
| 23 | CVE-2019-6523 | 89 | | Sql | 2019-02-05 | 2019-02-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. |
| 24 | CVE-2019-6521 | 287 | | Bypass +Info | 2019-02-05 | 2019-02-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. |
| 25 | CVE-2019-6519 | 287 | | Bypass | 2019-02-05 | 2019-02-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. |
| 26 | CVE-2019-3975 | 120 | | Exec Code Overflow | 2019-09-10 | 2019-09-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. |
| 27 | CVE-2019-3954 | 787 | | Exec Code Overflow | 2019-06-19 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. |
| 28 | CVE-2019-3953 | 787 | | Exec Code Overflow | 2019-06-18 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. |
| 29 | CVE-2019-3951 | 787 | | DoS Exec Code Overflow Mem. Corr. | 2019-12-12 | 2019-12-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. |
| 30 | CVE-2019-3941 | 306 | | | 2019-04-09 | 2020-08-24 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. |
| 31 | CVE-2019-3940 | 434 | | Exec Code | 2019-04-09 | 2019-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. |
Total number of vulnerabilities: 31