Filtered by vendor Advantech
Subscribe
Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-16229 | 1 Advantech | 1 Webaccess\/hmi Designer | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | |||||
CVE-2020-16217 | 1 Advantech | 1 Webaccess\/hmi Designer | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
CVE-2020-10623 | 1 Advantech | 1 Webaccess\/nms | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
CVE-2020-10625 | 1 Advantech | 1 Webaccess\/nms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | |||||
CVE-2020-10631 | 1 Advantech | 1 Webaccess\/nms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | |||||
CVE-2020-12002 | 1 Advantech | 1 Webaccess | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | |||||
CVE-2020-12014 | 1 Advantech | 1 Webaccess | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. | |||||
CVE-2020-16211 | 1 Advantech | 1 Webaccess\/hmi Designer | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||||
CVE-2020-10617 | 1 Advantech | 1 Webaccess\/nms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | |||||
CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | |||||
CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | |||||
CVE-2020-10603 | 1 Advantech | 1 Webaccess\/nms | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | |||||
CVE-2020-14503 | 1 Advantech | 1 Iview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. | |||||
CVE-2020-14505 | 1 Advantech | 1 Iview | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code. | |||||
CVE-2019-18227 | 1 Advantech | 1 Wise-paas\/rmm | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data. | |||||
CVE-2019-18229 | 1 Advantech | 1 Wise-paas\/rmm | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information. | |||||
CVE-2019-16901 | 1 Advantech | 1 Webaccess\/hmi Designer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | |||||
CVE-2019-16900 | 1 Advantech | 1 Webaccess\/hmi Designer | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | |||||
CVE-2019-18257 | 1 Advantech | 1 Diaganywhere | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server. |