Filtered by vendor Advantech Subscriptions
Total 301 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-2142 1 Advantech 1 Iview 2024-11-21 8.1 High
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
CVE-2022-2139 1 Advantech 1 Iview 2024-11-21 6.5 Medium
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.
CVE-2022-2138 1 Advantech 1 Iview 2024-11-21 8.2 High
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
CVE-2022-2137 1 Advantech 1 Iview 2024-11-21 4.9 Medium
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information
CVE-2022-2136 1 Advantech 1 Iview 2024-11-21 8.8 High
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
CVE-2022-2135 1 Advantech 1 Iview 2024-11-21 7.5 High
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
CVE-2022-22987 1 Advantech 2 Adam-3600, Adam-3600 Firmware 2024-11-21 9.8 Critical
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
CVE-2021-42706 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 7.8 High
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
CVE-2021-42703 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 5.4 Medium
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.
CVE-2021-40397 1 Advantech 1 Wise-paas\/ota 2024-11-21 7.8 High
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40396 1 Advantech 1 Deviceon\/iservice 2024-11-21 8.8 High
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40389 1 Advantech 1 Deviceon\/iedge 2024-11-21 8.8 High
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-40388 1 Advantech 1 Sq Manager 2024-11-21 8.8 High
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-38431 1 Advantech 1 Webaccess Scada 2024-11-21 4.3 Medium
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
CVE-2021-38408 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVE-2021-38389 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
CVE-2021-34540 1 Advantech 1 Webaccess 2024-11-21 6.1 Medium
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
CVE-2021-33023 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
CVE-2021-33004 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.8 High
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2021-33002 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.8 High
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).