Filtered by vendor Advantech Subscriptions
Total 317 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-2136 1 Advantech 1 Iview 2024-11-21 8.8 High
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
CVE-2022-2135 1 Advantech 1 Iview 2024-11-21 7.5 High
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
CVE-2022-22987 1 Advantech 2 Adam-3600, Adam-3600 Firmware 2024-11-21 9.8 Critical
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
CVE-2021-42706 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 7.8 High
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
CVE-2021-42703 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 5.4 Medium
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.
CVE-2021-40397 1 Advantech 1 Wise-paas\/ota 2024-11-21 7.8 High
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40396 1 Advantech 1 Deviceon\/iservice 2024-11-21 8.8 High
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40389 1 Advantech 1 Deviceon\/iedge 2024-11-21 8.8 High
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40388 1 Advantech 1 Sq Manager 2024-11-21 8.8 High
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-38431 1 Advantech 1 Webaccess Scada 2024-11-21 4.3 Medium
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
CVE-2021-38408 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVE-2021-38389 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
CVE-2021-34540 1 Advantech 1 Webaccess 2024-11-21 6.1 Medium
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
CVE-2021-33023 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
CVE-2021-33004 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.8 High
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2021-33002 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.8 High
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2021-33000 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.8 High
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2021-32956 1 Advantech 1 Webaccess\/scada 2024-11-21 6.1 Medium
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
CVE-2021-32954 1 Advantech 1 Webaccess\/scada 2024-11-21 6.5 Medium
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
CVE-2021-32951 1 Advantech 1 Webaccess\/nms 2024-11-21 5.3 Medium
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.