Filtered by vendor Advantech Subscriptions
Total 301 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-3942 1 Advantech 1 Webaccess 2024-11-21 7.5 High
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password.
CVE-2019-3941 1 Advantech 1 Webaccess 2024-11-21 N/A
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC.
CVE-2019-3940 1 Advantech 1 Webaccess 2024-11-21 N/A
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code.
CVE-2019-18257 1 Advantech 1 Diaganywhere 2024-11-21 9.8 Critical
In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple stack-based buffer overflow vulnerabilities exist in the file transfer service listening on the TCP port. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.
CVE-2019-18235 1 Advantech 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware 2024-11-21 9.8 Critical
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.
CVE-2019-18233 1 Advantech 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware 2024-11-21 6.1 Medium
In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack.
CVE-2019-18231 1 Advantech 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware 2024-11-21 7.5 High
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request.
CVE-2019-18229 1 Advantech 1 Wise-paas\/rmm 2024-11-21 6.5 Medium
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
CVE-2019-18227 1 Advantech 1 Wise-paas\/rmm 2024-11-21 7.5 High
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilities exist that may allow disclosure of sensitive data.
CVE-2019-16901 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.5 High
Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4.
CVE-2019-16900 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.5 High
Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c.
CVE-2019-16899 1 Advantech 1 Webaccess\/hmi Designer 2024-11-21 7.5 High
In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918.
CVE-2019-13558 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash.
CVE-2019-13556 1 Advantech 1 Webaccess 2024-11-21 8.8 High
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
CVE-2019-13552 1 Advantech 1 Webaccess 2024-11-21 8.8 High
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution.
CVE-2019-13551 1 Advantech 1 Wise-paas\/rmm 2024-11-21 9.8 Critical
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
CVE-2019-13550 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash.
CVE-2019-13547 1 Advantech 1 Wise-paas\/rmm 2024-11-21 9.8 Critical
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
CVE-2019-10993 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.
CVE-2019-10991 1 Advantech 1 Webaccess 2024-11-21 9.8 Critical
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.