Webaccess

This hub aggregates every CVE we track for Webaccess, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Webaccess.

• CVE-2023-4215Advantech WebAccess Debug Messages Revealing Unnecessary Information6.5Oct 16, 2023
• CVE-2023-2866Advantech WebAccess Insufficient Type Distinction7.3Jun 7, 2023
• CVE-2021-38389Advantech WebAccess9.8Oct 18, 2021
• CVE-2021-33023Advantech WebAccess9.8Oct 18, 2021
• CVE-2021-38408A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.9.8Sep 9, 2021
• CVE-2021-34540Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.6.1Jun 11, 2021
• CVE-2020-16202WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.7.8Sep 22, 2020
• CVE-2020-12019WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.9.8Jun 15, 2020
• CVE-2020-12018Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.7.5May 8, 2020
• CVE-2020-12002Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied dat...9.8May 8, 2020
• CVE-2020-10638Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data...9.8May 8, 2020
• CVE-2020-12026Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the applicati...8.8May 8, 2020
• CVE-2020-12014Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.7.5May 8, 2020
• CVE-2020-12006Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the applicati...9.8May 8, 2020
• CVE-2020-12010Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to dele...7.1May 8, 2020