cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-38408,https://securityvulnerability.io/vulnerability/CVE-2021-38408,Stack-Based Buffer Overflow in Advantech WebAccess Product,"A stack-based buffer overflow vulnerability exists in Advantech WebAccess Versions 9.02 and earlier, triggered by insufficient validation of user-input length. If exploited, this vulnerability may enable attackers to execute arbitrary code remotely, leading to potential unauthorized access and control of affected systems.",Advantech,Advantech Webaccess,9.8,CRITICAL,0.012539999559521675,false,,false,false,false,,,false,false,,2021-09-09T11:24:58.000Z,0
CVE-2020-16229,https://securityvulnerability.io/vulnerability/CVE-2020-16229,Type Confusion Vulnerability in Advantech WebAccess HMI Designer,"A vulnerability in Advantech WebAccess HMI Designer enables a type confusion condition due to improper validation of user-supplied data when processing specially crafted project files. This flaw may allow attackers to execute remote code, potentially leading to unauthorized access, information disclosure, data modification, or application instability.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2020-08-06T18:24:10.000Z,0
CVE-2020-16207,https://securityvulnerability.io/vulnerability/CVE-2020-16207,Heap-Based Buffer Overflow Vulnerabilities in Advantech WebAccess HMI Designer,"Advantech WebAccess HMI Designer versions 2.1.9.31 and earlier are susceptible to multiple heap-based buffer overflow vulnerabilities. These vulnerabilities can be triggered by opening specially crafted project files, potentially leading to serious consequences such as remote code execution, unauthorized information disclosure or modification, and application crashes. It is crucial for users of this software to address these vulnerabilities promptly to mitigate the risks associated with potential exploitation.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.03894000127911568,false,,false,false,false,,,false,false,,2020-08-06T18:22:34.000Z,0
CVE-2020-16211,https://securityvulnerability.io/vulnerability/CVE-2020-16211,Out-of-Bounds Read Vulnerability in Advantech WebAccess HMI Designer,"Advantech WebAccess HMI Designer has an out-of-bounds read vulnerability affecting versions 2.1.9.31 and earlier. This issue arises from the processing of specially crafted project files, which could allow an attacker to exploit the vulnerability to read sensitive information that should not be accessible. Proper security measures should be implemented to mitigate the risks associated with this vulnerability.",Advantech,Advantech Webaccess Hmi Designer,5.5,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2020-08-06T18:21:40.000Z,0
CVE-2020-16213,https://securityvulnerability.io/vulnerability/CVE-2020-16213,Remote Code Execution Vulnerability in Advantech WebAccess HMI Designer,"The Advantech WebAccess HMI Designer is susceptible to a vulnerability that allows remote attackers to exploit specially crafted project files. This flaw occurs due to improper validation of user-supplied data, potentially leading to unauthorized control over the system, disclosure of sensitive information, modification of stored data, or crashing of the application. It is crucial for users to update their systems to prevent exploitation by malicious actors.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2020-08-06T18:20:45.000Z,0
CVE-2020-16215,https://securityvulnerability.io/vulnerability/CVE-2020-16215,Buffer Overflow in Advantech WebAccess HMI Designer Compromises Security,"Advantech WebAccess HMI Designer, specifically versions 2.1.9.31 and earlier, is vulnerable due to improper validation of user-supplied data in specially crafted project files. This may lead to a stack-based buffer overflow, enabling attackers to execute remote code, access or modify sensitive information, or cause the application to crash, effectively compromising the integrity and availability of the HMI Designer's functionality.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.007069999817758799,false,,false,false,false,,,false,false,,2020-08-06T18:19:43.000Z,0
CVE-2020-16217,https://securityvulnerability.io/vulnerability/CVE-2020-16217,Double Free Vulnerability in Advantech WebAccess HMI Designer,"A double free vulnerability exists in Advantech WebAccess HMI Designer, specifically in versions 2.1.9.31 and earlier. This vulnerability arises from improper handling of specially crafted project files, which may lead to potential remote code execution, unauthorized disclosure or modification of sensitive information, and instability of the application, causing it to crash.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2020-08-06T18:15:51.000Z,0
CVE-2020-12018,https://securityvulnerability.io/vulnerability/CVE-2020-12018,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.",Advantech,Advantech Webaccess Node,7.5,HIGH,0.007960000075399876,false,,false,false,false,,,false,false,,2020-05-08T11:51:50.000Z,0
CVE-2020-12002,https://securityvulnerability.io/vulnerability/CVE-2020-12002,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.12957000732421875,false,,false,false,false,,,false,false,,2020-05-08T11:50:42.000Z,0
CVE-2020-10638,https://securityvulnerability.io/vulnerability/CVE-2020-10638,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.1466600000858307,false,,false,false,false,,,false,false,,2020-05-08T11:49:32.000Z,0
CVE-2020-12026,https://securityvulnerability.io/vulnerability/CVE-2020-12026,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.",Advantech,Advantech Webaccess Node,8.8,HIGH,0.007660000119358301,false,,false,false,false,,,false,false,,2020-05-08T11:48:19.000Z,0
CVE-2020-12014,https://securityvulnerability.io/vulnerability/CVE-2020-12014,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.",Advantech,Advantech Webaccess Node,7.5,HIGH,0.011260000057518482,false,,false,false,false,,,false,false,,2020-05-08T11:46:31.000Z,0
CVE-2020-12006,https://securityvulnerability.io/vulnerability/CVE-2020-12006,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.016860000789165497,false,,false,false,false,,,false,false,,2020-05-08T11:41:41.000Z,0
CVE-2020-12010,https://securityvulnerability.io/vulnerability/CVE-2020-12010,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.",Advantech,Advantech Webaccess Node,7.1,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2020-05-08T11:40:22.000Z,0
CVE-2020-12022,https://securityvulnerability.io/vulnerability/CVE-2020-12022,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.00482999999076128,false,,false,false,false,,,false,false,,2020-05-08T11:38:54.000Z,0
CVE-2019-3942,https://securityvulnerability.io/vulnerability/CVE-2019-3942,,"Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.",Advantech,Advantech Webaccess,7.5,HIGH,0.002749999985098839,false,,false,false,false,,,false,false,,2020-04-01T16:04:29.000Z,0
CVE-2020-10607,https://securityvulnerability.io/vulnerability/CVE-2020-10607,,"In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.",Advantech,Advantech Webaccess,8.8,HIGH,0.29478999972343445,false,,false,false,false,,,false,false,,2020-03-27T13:27:24.000Z,0
CVE-2019-10961,https://securityvulnerability.io/vulnerability/CVE-2019-10961,,"In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution.",Advantech,Advantech Webaccess Hmi Designer,8.8,HIGH,0.015860000625252724,false,,false,false,false,,,false,false,,2019-08-02T16:06:09.000Z,0
CVE-2018-15705,https://securityvulnerability.io/vulnerability/CVE-2018-15705,,WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code.,Advantech,Advantech Webaccess,6.5,MEDIUM,0.0033599999733269215,false,,false,false,false,,,false,false,,2018-10-31T00:00:00.000Z,0
CVE-2018-15707,https://securityvulnerability.io/vulnerability/CVE-2018-15707,,Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things.,Advantech,Advantech Webaccess,5.4,MEDIUM,0.0026000000070780516,false,,false,false,false,,,false,false,,2018-10-31T00:00:00.000Z,0
CVE-2018-15706,https://securityvulnerability.io/vulnerability/CVE-2018-15706,,WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.,Advantech,Advantech Webaccess,6.5,MEDIUM,0.004619999788701534,false,,false,false,false,,,false,false,,2018-10-31T00:00:00.000Z,0
CVE-2018-14828,https://securityvulnerability.io/vulnerability/CVE-2018-14828,,"Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level.",Advantech,Advantech Webaccess,7.8,HIGH,0.0008299999753944576,false,,false,false,false,,,false,false,,2018-10-23T00:00:00.000Z,0
CVE-2018-14816,https://securityvulnerability.io/vulnerability/CVE-2018-14816,,"Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.",Advantech,Advantech Webaccess,9.8,CRITICAL,0.04610000178217888,false,,false,false,false,,,false,false,,2018-10-23T00:00:00.000Z,0
CVE-2018-14820,https://securityvulnerability.io/vulnerability/CVE-2018-14820,,"Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing.",Advantech,Advantech Webaccess,7.5,HIGH,0.02703999914228916,false,,false,false,false,,,false,false,,2018-10-23T00:00:00.000Z,0
CVE-2018-14806,https://securityvulnerability.io/vulnerability/CVE-2018-14806,,Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.,Advantech,Advantech Webaccess,9.8,CRITICAL,0.009689999744296074,false,,false,false,false,,,false,false,,2018-10-23T00:00:00.000Z,0