Webaccess\/scada
This hub aggregates every CVE we track for Webaccess\/scada, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
42
CVEs tracked
11
Critical
20
High
0
In CISA KEV
Severity distribution
HIGH20MEDIUM11CRITICAL11
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
5
0
0
0
0
1
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Webaccess\/scada.
- CVE-2026-6888SQL Injection Vulnerability7.2
- CVE-2025-67653Advantech WebAccess/SCADA Path Traversal4.3
- CVE-2025-46268Advantech WebAccess/SCADA SQL Injection6.3
- CVE-2025-14848Advantech WebAccess/SCADA Absolute Path Traversal4.3
- CVE-2025-14849Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type8.8
- CVE-2025-14850Advantech WebAccess/SCADA Improper Limitation of a Pathname to a Restricted Directory8.1
- CVE-2024-2453Advantech WebAccess/SCADA SQL Injection6.4
- CVE-2023-1437CVE-2023-14379.8
- CVE-2023-2866Advantech WebAccess Insufficient Type Distinction7.3
- CVE-2023-22450 In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager u...7.2
- CVE-2023-32540 In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system file...7.2
- CVE-2023-32628 In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when upload...7.2
- CVE-2021-32943The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, ...9.8
- CVE-2021-22676UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/sessio...6.1
- CVE-2021-22674The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions ...6.5
Product normalization is registry-driven with AI assist and human review. How it works