Filtered by vendor Advantech
Subscriptions
Total
317 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2136 | 1 Advantech | 1 Iview | 2024-11-21 | 8.8 High |
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | ||||
CVE-2022-2135 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. | ||||
CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2024-11-21 | 9.8 Critical |
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | ||||
CVE-2021-42706 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 7.8 High |
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | ||||
CVE-2021-42703 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 5.4 Medium |
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | ||||
CVE-2021-40397 | 1 Advantech | 1 Wise-paas\/ota | 2024-11-21 | 7.8 High |
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-40396 | 1 Advantech | 1 Deviceon\/iservice | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-40389 | 1 Advantech | 1 Deviceon\/iedge | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-40388 | 1 Advantech | 1 Sq Manager | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-38431 | 1 Advantech | 1 Webaccess Scada | 2024-11-21 | 4.3 Medium |
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | ||||
CVE-2021-38408 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | ||||
CVE-2021-38389 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | ||||
CVE-2021-34540 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.1 Medium |
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | ||||
CVE-2021-33023 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | ||||
CVE-2021-33004 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 7.8 High |
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | ||||
CVE-2021-33002 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 7.8 High |
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | ||||
CVE-2021-33000 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 7.8 High |
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | ||||
CVE-2021-32956 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.1 Medium |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | ||||
CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.5 Medium |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | ||||
CVE-2021-32951 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 5.3 Medium |
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. |