Advantech

All CVEs

325 total · sorted by risk
  • CVE-2018-14806 · Oct 23, 2018
    risk 0.01 · cvss · epss 0.05

    Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.

  • CVE-2018-15704 · Oct 22, 2018
    risk 0.01 · cvss · epss 0.22

    Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.

  • CVE-2011-0488 · Jan 18, 2011
    risk 0.01 · cvss · epss 0.09

    Stack-based buffer overflow in NTWebServer.exe in the test web service in InduSoft NTWebServer, as distributed in Advantech Studio 6.1 and InduSoft Web Studio 7.0, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long…

  • CVE-2025-67653 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files.

  • CVE-2025-46268 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.

  • CVE-2025-14848 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.

  • CVE-2025-14849 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2025-14850 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.

  • CVE-2025-34265 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are stored and later…

  • CVE-2025-34263 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin…

  • CVE-2025-34266 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are stored in plugin…

  • CVE-2025-34264 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/{agentId} endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored process name is stored in…

  • CVE-2025-34262 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint. When an authenticated user renames a device, the new_name value is stored and later rendered in device listings or…

  • CVE-2025-34258 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without…

  • CVE-2025-34259 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without…

  • CVE-2025-34261 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group…

  • CVE-2025-34260 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule…

  • CVE-2025-34257 · Dec 5, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the defined_name value is stored and later rendered in the Overview page without…

  • CVE-2025-63701 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size…

  • CVE-2022-50595 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.01

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the…

  • CVE-2022-50591 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the…

  • CVE-2022-50593 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.01

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the…

  • CVE-2022-50592 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.01

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the…

  • CVE-2022-50594 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’…

  • CVE-2025-34247 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

  • CVE-2025-34246 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database…

  • CVE-2025-34245 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database…

  • CVE-2025-34244 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database…

  • CVE-2025-34243 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database…

  • CVE-2025-34242 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information.

  • CVE-2025-34241 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database…

  • CVE-2025-34240 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database…

  • CVE-2025-34239 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted…

  • CVE-2025-34238 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of…

  • CVE-2025-34237 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute…

  • CVE-2025-34236 · Nov 6, 2025
    risk 0.00 · cvss · epss 0.00

    Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the…

  • CVE-2025-53509 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper…

  • CVE-2025-53515 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an …

  • CVE-2025-52577 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly…

  • CVE-2025-53475 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.04

    A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not…

  • CVE-2025-46704 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.03

    A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or…

  • CVE-2025-48891 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure…

  • CVE-2025-41442 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading…

  • CVE-2025-53519 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to …

  • CVE-2025-53397 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information…

  • CVE-2024-50377 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.00

    A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality…

  • CVE-2024-50376 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.00

    A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can…

  • CVE-2024-50375 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.01

    A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated…

  • CVE-2024-50374 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability…

  • CVE-2024-50373 · Nov 26, 2024
    risk 0.00 · cvss · epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability…
