ReportizFlow
Filtered by vendor Advantech
Subscriptions
Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32943 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 9.8 Critical |
| The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||||
| CVE-2021-32932 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
| The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | ||||
| CVE-2021-32930 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
| The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | ||||
| CVE-2021-27437 | 1 Advantech | 1 Wise-paas\/rmm | 2024-11-21 | 9.1 Critical |
| The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | ||||
| CVE-2021-27436 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.1 Medium |
| WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | ||||
| CVE-2021-22676 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.1 Medium |
| UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||||
| CVE-2021-22674 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.5 Medium |
| The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||||
| CVE-2021-22669 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | ||||
| CVE-2021-22667 | 1 Advantech | 2 Bb-eswgp506-2sfp-t, Bb-eswgp506-2sfp-t Firmware | 2024-11-21 | 9.8 Critical |
| BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | ||||
| CVE-2021-22658 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
| Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | ||||
| CVE-2021-22656 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
| Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | ||||
| CVE-2021-22654 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
| Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | ||||
| CVE-2021-22652 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
| Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | ||||
| CVE-2021-21937 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21936 | 1 Advantech | 1 R-seenet | 2024-11-21 | 8.8 High |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21935 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21934 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21933 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21932 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
| CVE-2021-21931 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
| A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | ||||