Filtered by vendor Advantech
Subscribe
Search
Total
281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4203 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2023-08-14 | N/A | 5.4 MEDIUM |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | |||||
| CVE-2023-4202 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2023-08-14 | N/A | 5.4 MEDIUM |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | |||||
| CVE-2023-1437 | 1 Advantech | 1 Webaccess\/scada | 2023-08-08 | N/A | 9.8 CRITICAL |
| All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. | |||||
| CVE-2023-3983 | 1 Advantech | 1 Iview | 2023-08-04 | N/A | 8.8 HIGH |
| An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection. | |||||
| CVE-2021-40397 | 1 Advantech | 1 Wise-paas\/ota | 2022-07-30 | 9.3 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-2143 | 1 Advantech | 1 Iview | 2022-07-29 | N/A | 9.8 CRITICAL |
| The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-2139 | 1 Advantech | 1 Iview | 2022-07-29 | N/A | 9.8 CRITICAL |
| The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | |||||
| CVE-2022-2142 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 5.9 MEDIUM |
| The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-2138 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 7.5 HIGH |
| The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. | |||||
| CVE-2022-2136 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 6.5 MEDIUM |
| The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | |||||
| CVE-2022-2137 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 4.9 MEDIUM |
| The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information | |||||
| CVE-2022-2135 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 7.5 HIGH |
| The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. | |||||
| CVE-2021-21918 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | |||||
| CVE-2021-21931 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21928 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21930 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21932 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21933 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21935 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21934 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21929 | 1 Advantech | 1 R-seenet | 2022-07-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21921 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21920 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21922 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21919 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | |||||
| CVE-2021-21923 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery. | |||||
| CVE-2021-21924 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter. | |||||
| CVE-2021-21925 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter. | |||||
| CVE-2021-21927 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. | |||||
| CVE-2021-21926 | 1 Advantech | 1 R-seenet | 2022-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter. | |||||
| CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2022-07-02 | 6.8 MEDIUM | 6.5 MEDIUM |
| Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | |||||
| CVE-2021-33004 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-07-02 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
| CVE-2021-21910 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2022-06-29 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-13552 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2020-13553 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2020-13551 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2020-13550 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 4.0 MEDIUM | 7.7 HIGH |
| A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13555 | 1 Advantech | 1 Webaccess\/scada | 2022-06-29 | 7.2 HIGH | 8.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2021-21937 | 1 Advantech | 1 R-seenet | 2022-05-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-40389 | 1 Advantech | 1 Deviceon\/iedge | 2022-05-31 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40388 | 1 Advantech | 1 Sq Manager | 2022-05-31 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-40396 | 1 Advantech | 1 Deviceon\/iservice | 2022-05-31 | 7.2 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-22667 | 1 Advantech | 2 Bb-eswgp506-2sfp-t, Bb-eswgp506-2sfp-t Firmware | 2022-05-27 | 10.0 HIGH | 9.8 CRITICAL |
| BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | |||||
| CVE-2021-21917 | 1 Advantech | 1 R-seenet | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21916 | 1 Advantech | 1 R-seenet | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2021-21915 | 1 Advantech | 1 R-seenet | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
| CVE-2020-13554 | 1 Advantech | 1 Webaccess\/scada | 2022-04-28 | 7.2 HIGH | 7.8 HIGH |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
| CVE-2021-21805 | 1 Advantech | 1 R-seenet | 2022-04-28 | 10.0 HIGH | 9.8 CRITICAL |
| An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21801 | 1 Advantech | 1 R-seenet | 2022-04-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
| CVE-2021-21804 | 1 Advantech | 1 R-seenet | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. | |||||