Filtered by vendor Advantech
Subscribe
Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21927 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. | |||||
CVE-2021-40389 | 1 Advantech | 1 Deviceon\/iedge | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-32951 | 1 Advantech | 1 Webaccess\/nms | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | |||||
CVE-2021-40396 | 1 Advantech | 1 Deviceon\/iservice | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-21917 | 1 Advantech | 1 R-seenet | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
CVE-2021-27437 | 1 Advantech | 1 Wise-paas\/rmm | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | |||||
CVE-2021-33000 | 1 Advantech | 1 Webaccess\/hmi Designer | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
CVE-2021-21805 | 1 Advantech | 1 R-seenet | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. | |||||
CVE-2021-22676 | 1 Advantech | 1 Webaccess\/scada | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-34540 | 1 Advantech | 1 Webaccess | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | |||||
CVE-2021-21800 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
CVE-2021-32943 | 1 Advantech | 1 Webaccess\/scada | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-22669 | 1 Advantech | 1 Webaccess\/scada | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | |||||
CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | |||||
CVE-2021-32930 | 1 Advantech | 1 Iview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | |||||
CVE-2021-21801 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
CVE-2021-21802 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
CVE-2021-21803 | 1 Advantech | 1 R-seenet | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
CVE-2021-32956 | 1 Advantech | 1 Webaccess\/scada | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | |||||
CVE-2021-32932 | 1 Advantech | 1 Iview | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). |