Filtered by vendor Advantech
Subscriptions
Total
301 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-33000 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 7.8 High |
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | ||||
CVE-2021-32956 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.1 Medium |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | ||||
CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.5 Medium |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | ||||
CVE-2021-32951 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 5.3 Medium |
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | ||||
CVE-2021-32943 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 9.8 Critical |
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||||
CVE-2021-32932 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | ||||
CVE-2021-32930 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | ||||
CVE-2021-27437 | 1 Advantech | 1 Wise-paas\/rmm | 2024-11-21 | 9.1 Critical |
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | ||||
CVE-2021-27436 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.1 Medium |
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | ||||
CVE-2021-22676 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.1 Medium |
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||||
CVE-2021-22674 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.5 Medium |
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||||
CVE-2021-22669 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | ||||
CVE-2021-22667 | 1 Advantech | 2 Bb-eswgp506-2sfp-t, Bb-eswgp506-2sfp-t Firmware | 2024-11-21 | 9.8 Critical |
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | ||||
CVE-2021-22658 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | ||||
CVE-2021-22656 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | ||||
CVE-2021-22654 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | ||||
CVE-2021-22652 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | ||||
CVE-2021-21937 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
CVE-2021-21936 | 1 Advantech | 1 R-seenet | 2024-11-21 | 8.8 High |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | ||||
CVE-2021-21935 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 Medium |
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. |