cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4215,https://securityvulnerability.io/vulnerability/CVE-2023-4215,Advantech WebAccess Debug Messages Revealing Unnecessary Information,"Advantech WebAccess version 9.1.3 is affected by a vulnerability that permits unauthorized access to sensitive user information, potentially leading to the leakage of user credentials. This exposure represents a significant security risk, necessitating immediate attention for users utilizing this version.",Advantech,Webaccess,6.5,MEDIUM,0.0016499999910593033,false,,false,false,false,,,false,false,,2023-10-17T00:15:00.000Z,0
CVE-2021-38389,https://securityvulnerability.io/vulnerability/CVE-2021-38389,Advantech WebAccess,"Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.",Advantech,Webaccess,9.8,CRITICAL,0.006819999776780605,false,,false,false,false,,,false,false,,2021-10-18T13:15:00.000Z,0
CVE-2021-33023,https://securityvulnerability.io/vulnerability/CVE-2021-33023,Advantech WebAccess,"Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.",Advantech,Webaccess,9.8,CRITICAL,0.009410000406205654,false,,false,false,false,,,false,false,,2021-10-18T13:15:00.000Z,0
CVE-2021-38431,https://securityvulnerability.io/vulnerability/CVE-2021-38431,Advantech WebAccess SCADA,An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.,Advantech,Webaccess Scada,4.3,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2021-10-15T13:15:00.000Z,0
CVE-2021-38408,https://securityvulnerability.io/vulnerability/CVE-2021-38408,Stack-Based Buffer Overflow in Advantech WebAccess Product,"A stack-based buffer overflow vulnerability exists in Advantech WebAccess Versions 9.02 and earlier, triggered by insufficient validation of user-input length. If exploited, this vulnerability may enable attackers to execute arbitrary code remotely, leading to potential unauthorized access and control of affected systems.",Advantech,Advantech Webaccess,9.8,CRITICAL,0.012539999559521675,false,,false,false,false,,,false,false,,2021-09-09T11:24:58.000Z,0
CVE-2021-33002,https://securityvulnerability.io/vulnerability/CVE-2021-33002,Out-of-Bounds Write Vulnerability in WebAccess HMI Designer by Advantech,"The WebAccess HMI Designer by Advantech is susceptible to an out-of-bounds write vulnerability, which can be triggered when a user opens a maliciously crafted project file. This flaw may allow an attacker to execute arbitrary code on the affected system, potentially compromising its integrity and security. User interaction is necessary for exploitation, emphasizing the importance of vigilant software usage and caution when handling project files from untrusted sources.",Advantech,Webaccess Hmi Designer,7.8,HIGH,0.006659999955445528,false,,false,false,false,,,false,false,,2021-06-24T17:38:19.000Z,0
CVE-2021-33004,https://securityvulnerability.io/vulnerability/CVE-2021-33004,Memory Corruption Vulnerability in WebAccess HMI Designer by Advantech,"The WebAccess HMI Designer from Advantech is susceptible to a memory corruption issue stemming from inadequate validation of user-uploaded files. This flaw permits an attacker to potentially execute arbitrary code, necessitating user interaction on versions 2.1.9.95 and earlier. Proper file handling and input validation measures are critical to safeguarding against such vulnerabilities.",Advantech,Webaccess Hmi Designer,7.8,HIGH,0.0023300000466406345,false,,false,false,false,,,false,false,,2021-06-24T17:34:07.000Z,0
CVE-2021-33000,https://securityvulnerability.io/vulnerability/CVE-2021-33000,Heap-based Buffer Overflow in WebAccess HMI Designer Affects Multiple Versions,"The WebAccess HMI Designer can be exploited through a maliciously crafted project file, potentially leading to a heap-based buffer overflow. This could enable an attacker to execute arbitrary code within the context of the application. It's important to note that user interaction is required to trigger this vulnerability, making it essential for users to be cautious when opening project files from untrusted sources.",Advantech,Webaccess Hmi Designer,7.8,HIGH,0.008229999803006649,false,,false,false,false,,,false,false,,2021-06-24T17:30:20.000Z,0
CVE-2021-34540,https://securityvulnerability.io/vulnerability/CVE-2021-34540,Cross-Site Scripting Vulnerability in Advantech WebAccess Products,"A Cross-Site Scripting vulnerability exists in Advantech WebAccess versions 8.4.2 and 8.4.4. This issue arises from improper validation of user input in the username field on the bwRoot.asp page of WADashboard, allowing attackers to inject malicious scripts. Exploitation of this vulnerability can lead to a range of attacks, including session hijacking, data theft, and defacement of user interfaces.",Advantech,Webaccess,6.1,MEDIUM,0.0017999999690800905,false,,false,false,false,,,false,false,,2021-06-11T11:26:02.000Z,0
CVE-2020-16202,https://securityvulnerability.io/vulnerability/CVE-2020-16202,Permissions Flaw in WebAccess Node by Advantech,"A permissive misconfiguration in WebAccess Node, prior to version 9.0.1, exposes specific resources to unauthorized access. This flaw could enable an attacker to execute arbitrary code with system privileges, potentially compromising system integrity and security.",Advantech,Webaccess Node,7.8,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2020-09-22T14:28:36.000Z,0
CVE-2020-16229,https://securityvulnerability.io/vulnerability/CVE-2020-16229,Type Confusion Vulnerability in Advantech WebAccess HMI Designer,"A vulnerability in Advantech WebAccess HMI Designer enables a type confusion condition due to improper validation of user-supplied data when processing specially crafted project files. This flaw may allow attackers to execute remote code, potentially leading to unauthorized access, information disclosure, data modification, or application instability.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2020-08-06T18:24:10.000Z,0
CVE-2020-16207,https://securityvulnerability.io/vulnerability/CVE-2020-16207,Heap-Based Buffer Overflow Vulnerabilities in Advantech WebAccess HMI Designer,"Advantech WebAccess HMI Designer versions 2.1.9.31 and earlier are susceptible to multiple heap-based buffer overflow vulnerabilities. These vulnerabilities can be triggered by opening specially crafted project files, potentially leading to serious consequences such as remote code execution, unauthorized information disclosure or modification, and application crashes. It is crucial for users of this software to address these vulnerabilities promptly to mitigate the risks associated with potential exploitation.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.03894000127911568,false,,false,false,false,,,false,false,,2020-08-06T18:22:34.000Z,0
CVE-2020-16211,https://securityvulnerability.io/vulnerability/CVE-2020-16211,Out-of-Bounds Read Vulnerability in Advantech WebAccess HMI Designer,"Advantech WebAccess HMI Designer has an out-of-bounds read vulnerability affecting versions 2.1.9.31 and earlier. This issue arises from the processing of specially crafted project files, which could allow an attacker to exploit the vulnerability to read sensitive information that should not be accessible. Proper security measures should be implemented to mitigate the risks associated with this vulnerability.",Advantech,Advantech Webaccess Hmi Designer,5.5,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2020-08-06T18:21:40.000Z,0
CVE-2020-16213,https://securityvulnerability.io/vulnerability/CVE-2020-16213,Remote Code Execution Vulnerability in Advantech WebAccess HMI Designer,"The Advantech WebAccess HMI Designer is susceptible to a vulnerability that allows remote attackers to exploit specially crafted project files. This flaw occurs due to improper validation of user-supplied data, potentially leading to unauthorized control over the system, disclosure of sensitive information, modification of stored data, or crashing of the application. It is crucial for users to update their systems to prevent exploitation by malicious actors.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2020-08-06T18:20:45.000Z,0
CVE-2020-16215,https://securityvulnerability.io/vulnerability/CVE-2020-16215,Buffer Overflow in Advantech WebAccess HMI Designer Compromises Security,"Advantech WebAccess HMI Designer, specifically versions 2.1.9.31 and earlier, is vulnerable due to improper validation of user-supplied data in specially crafted project files. This may lead to a stack-based buffer overflow, enabling attackers to execute remote code, access or modify sensitive information, or cause the application to crash, effectively compromising the integrity and availability of the HMI Designer's functionality.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.007069999817758799,false,,false,false,false,,,false,false,,2020-08-06T18:19:43.000Z,0
CVE-2020-16217,https://securityvulnerability.io/vulnerability/CVE-2020-16217,Double Free Vulnerability in Advantech WebAccess HMI Designer,"A double free vulnerability exists in Advantech WebAccess HMI Designer, specifically in versions 2.1.9.31 and earlier. This vulnerability arises from improper handling of specially crafted project files, which may lead to potential remote code execution, unauthorized disclosure or modification of sensitive information, and instability of the application, causing it to crash.",Advantech,Advantech Webaccess Hmi Designer,7.8,HIGH,0.0022100000642240047,false,,false,false,false,,,false,false,,2020-08-06T18:15:51.000Z,0
CVE-2020-12019,https://securityvulnerability.io/vulnerability/CVE-2020-12019,,"WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.",Advantech,Webaccess Node,9.8,CRITICAL,0.1052900031208992,false,,false,false,false,,,false,false,,2020-06-15T19:08:06.000Z,0
CVE-2020-12018,https://securityvulnerability.io/vulnerability/CVE-2020-12018,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.",Advantech,Advantech Webaccess Node,7.5,HIGH,0.007960000075399876,false,,false,false,false,,,false,false,,2020-05-08T11:51:50.000Z,0
CVE-2020-12002,https://securityvulnerability.io/vulnerability/CVE-2020-12002,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.12957000732421875,false,,false,false,false,,,false,false,,2020-05-08T11:50:42.000Z,0
CVE-2020-10638,https://securityvulnerability.io/vulnerability/CVE-2020-10638,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.1466600000858307,false,,false,false,false,,,false,false,,2020-05-08T11:49:32.000Z,0
CVE-2020-12026,https://securityvulnerability.io/vulnerability/CVE-2020-12026,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.",Advantech,Advantech Webaccess Node,8.8,HIGH,0.007660000119358301,false,,false,false,false,,,false,false,,2020-05-08T11:48:19.000Z,0
CVE-2020-12014,https://securityvulnerability.io/vulnerability/CVE-2020-12014,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.",Advantech,Advantech Webaccess Node,7.5,HIGH,0.011260000057518482,false,,false,false,false,,,false,false,,2020-05-08T11:46:31.000Z,0
CVE-2020-12006,https://securityvulnerability.io/vulnerability/CVE-2020-12006,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.016860000789165497,false,,false,false,false,,,false,false,,2020-05-08T11:41:41.000Z,0
CVE-2020-12010,https://securityvulnerability.io/vulnerability/CVE-2020-12010,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.",Advantech,Advantech Webaccess Node,7.1,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2020-05-08T11:40:22.000Z,0
CVE-2020-12022,https://securityvulnerability.io/vulnerability/CVE-2020-12022,,"Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.",Advantech,Advantech Webaccess Node,9.8,CRITICAL,0.00482999999076128,false,,false,false,false,,,false,false,,2020-05-08T11:38:54.000Z,0