CVE-2017-5154 is a critical SQL injection vulnerability affecting Advantech WebAccess 8.1. According to the NVD record, an attacker who can supply malformed input to the application may be able to achieve administrative access to the application and its data files. Because the flaw is network-exploitable, requires no privileges or user interaction, and is rated CVSS 9.8, it should be treated as an urgent [truncated]
CVE-2017-5152 is a critical authentication bypass affecting Advantech WebAccess 8.1. According to the NVD record, a malicious user can access pages without authentication by requesting a specific URL on the web server. Because the issue is network-exploitable and requires no user interaction or privileges, exposed WebAccess deployments should be treated as high priority for review and mitigation.
CVE-2016-9353 affects Advantech SUISAccess Server version 3.0 and earlier. NVD describes the issue as an admin password stored in the system and encrypted with a static key hard-coded into the program, which could let an attacker recover the admin account password for reuse. Because the vulnerability exposes administrative credentials rather than a direct code-execution path, the main security impact is u [truncated]
CVE-2016-9351 is a high-severity weakness in Advantech SUISAccess Server version 3.0 and earlier. The issue is described as a directory traversal/file upload error that allows an attacker to upload and unpack a ZIP file. NVD maps the flaw to CWE-22 (Path Traversal) and gives it a CVSS 3.0 vector of AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating serious potential impact if an attacker can reach the vulner [truncated]
CVE-2016-9349 is a high-severity information disclosure issue in Advantech SUISAccess Server version 3.0 and earlier. According to the NVD record, an attacker can traverse the file system and extract files, with the impact limited to confidentiality loss. The CVE was published on 2017-02-13 and was last modified on 2026-05-13.
