Filtered by vendor Advantech
Subscriptions
Total
296 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-5848 | 1 Advantech | 14 Adam-6015, Adam-6017, Adam-6018 and 11 more | 2024-09-16 | N/A |
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. | ||||
CVE-2018-14820 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. | ||||
CVE-2018-15707 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. | ||||
CVE-2018-10590 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible. | ||||
CVE-2018-7505 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. | ||||
CVE-2021-38389 | 1 Advantech | 1 Webaccess | 2024-09-16 | 9.8 Critical |
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | ||||
CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2024-09-16 | 9.8 Critical |
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | ||||
CVE-2013-2299 | 1 Advantech | 1 Advantech Webaccess | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2018-7499 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | 9.8 Critical |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | ||||
CVE-2021-42706 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-09-16 | 7.8 High |
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | ||||
CVE-2021-32951 | 1 Advantech | 1 Webaccess\/nms | 2024-09-16 | 5.3 Medium |
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | ||||
CVE-2018-14806 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | ||||
CVE-2018-7501 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. | ||||
CVE-2018-15703 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. | ||||
CVE-2011-1914 | 1 Advantech | 3 Adam Opc Server, Modbus Rtu Opc Server, Modbus Tcp Opc Server | 2024-09-16 | N/A |
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2022-2143 | 1 Advantech | 1 Iview | 2024-09-16 | 9.8 Critical |
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
CVE-2018-14828 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. | ||||
CVE-2018-15704 | 1 Advantech | 1 Webaccess | 2024-09-16 | N/A |
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. | ||||
CVE-2021-38431 | 1 Advantech | 1 Webaccess Scada | 2024-09-16 | 4.3 Medium |
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | ||||
CVE-2018-10591 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-09-16 | N/A |
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. |