Filtered by vendor Advantech Subscriptions
Total 301 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-33000 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.8 High
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
CVE-2021-32956 1 Advantech 1 Webaccess\/scada 2024-11-21 6.1 Medium
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
CVE-2021-32954 1 Advantech 1 Webaccess\/scada 2024-11-21 6.5 Medium
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
CVE-2021-32951 1 Advantech 1 Webaccess\/nms 2024-11-21 5.3 Medium
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
CVE-2021-32943 1 Advantech 1 Webaccess\/scada 2024-11-21 9.8 Critical
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
CVE-2021-32932 1 Advantech 1 Iview 2024-11-21 7.5 High
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).
CVE-2021-32930 1 Advantech 1 Iview 2024-11-21 9.8 Critical
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).
CVE-2021-27437 1 Advantech 1 Wise-paas\/rmm 2024-11-21 9.1 Critical
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).
CVE-2021-27436 1 Advantech 1 Webaccess\/scada 2024-11-21 6.1 Medium
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
CVE-2021-22676 1 Advantech 1 Webaccess\/scada 2024-11-21 6.1 Medium
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
CVE-2021-22674 1 Advantech 1 Webaccess\/scada 2024-11-21 6.5 Medium
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
CVE-2021-22669 1 Advantech 1 Webaccess\/scada 2024-11-21 8.8 High
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
CVE-2021-22667 1 Advantech 2 Bb-eswgp506-2sfp-t, Bb-eswgp506-2sfp-t Firmware 2024-11-21 9.8 Critical
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).
CVE-2021-22658 1 Advantech 1 Iview 2024-11-21 9.8 Critical
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
CVE-2021-22656 1 Advantech 1 Iview 2024-11-21 7.5 High
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
CVE-2021-22654 1 Advantech 1 Iview 2024-11-21 7.5 High
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
CVE-2021-22652 1 Advantech 1 Iview 2024-11-21 9.8 Critical
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
CVE-2021-21937 1 Advantech 1 R-seenet 2024-11-21 6.5 Medium
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
CVE-2021-21936 1 Advantech 1 R-seenet 2024-11-21 8.8 High
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.
CVE-2021-21935 1 Advantech 1 R-seenet 2024-11-21 6.5 Medium
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.