VYPR

Vendor CVEs

Advantech

All CVEs

325 total · sorted by risk
  • CVE-2024-50372Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability…

  • CVE-2024-50371Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability…

  • CVE-2024-50370Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability…

  • CVE-2024-50369Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50368Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50367Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50366Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50365Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50364Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50363Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50362Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50361Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50360Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50359Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the…

  • CVE-2024-50358Nov 26, 2024
    risk 0.00cvss epss 0.01

    A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated…

  • CVE-2023-52335Nov 22, 2024
    risk 0.00cvss epss 0.01

    Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The…

  • CVE-2024-34542Sep 27, 2024
    risk 0.00cvss epss 0.00

    Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.

  • CVE-2024-28948Sep 27, 2024
    risk 0.00cvss epss 0.00

    Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

  • CVE-2024-39275Sep 27, 2024
    risk 0.00cvss epss 0.00

    Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the…

  • CVE-2024-38308Sep 27, 2024
    risk 0.00cvss epss 0.00

    Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.

  • CVE-2024-37187Sep 27, 2024
    risk 0.00cvss epss 0.00

    Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.

  • CVE-2023-4215Oct 16, 2023
    risk 0.00cvss epss 0.00

    Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.

  • CVE-2023-4203Aug 8, 2023
    risk 0.00cvss epss 0.01

    Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.

  • CVE-2023-4202Aug 8, 2023
    risk 0.00cvss epss 0.01

    Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.

  • CVE-2023-1437Aug 2, 2023
    risk 0.00cvss epss 0.03

    All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the…

  • CVE-2023-3983Jul 31, 2023
    risk 0.00cvss epss 0.15

    An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.

  • CVE-2023-2611Jun 22, 2023
    risk 0.00cvss epss 0.01

    Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.

  • CVE-2023-3256Jun 22, 2023
    risk 0.00cvss epss 0.01

    Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.

  • CVE-2023-2866Jun 7, 2023
    risk 0.00cvss epss 0.00

    If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.

  • CVE-2023-22450Jun 5, 2023
    risk 0.00cvss epss 0.01

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.

  • CVE-2023-32540Jun 5, 2023
    risk 0.00cvss epss 0.01

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead…

  • CVE-2023-32628Jun 5, 2023
    risk 0.00cvss epss 0.01

    In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.

  • CVE-2023-2573May 8, 2023
    risk 0.00cvss epss 0.05

    Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.

  • CVE-2023-2575May 8, 2023
    risk 0.00cvss epss 0.15

    Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.

  • CVE-2022-3387Oct 27, 2022
    risk 0.00cvss epss 0.14

    Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.

  • CVE-2022-3386Oct 27, 2022
    risk 0.00cvss epss 0.01

    Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.

  • CVE-2022-3385Oct 27, 2022
    risk 0.00cvss epss 0.01

    Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.

  • CVE-2022-3323Sep 27, 2022
    risk 0.00cvss epss 0.31

    An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration…

  • CVE-2021-40396Jan 28, 2022
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-40397Jan 28, 2022
    risk 0.00cvss epss 0.01

    A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-40389Jan 28, 2022
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2021-21917Dec 22, 2021
    risk 0.00cvss epss 0.01

    An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done…

  • CVE-2021-21916Dec 22, 2021
    risk 0.00cvss epss 0.01

    An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This…

  • CVE-2021-21915Dec 22, 2021
    risk 0.00cvss epss 0.01

    An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This…

  • CVE-2021-21911Dec 22, 2021
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a…

  • CVE-2021-21912Dec 22, 2021
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a…

  • CVE-2021-21910Dec 22, 2021
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a…

  • CVE-2021-42703Nov 15, 2021
    risk 0.00cvss epss 0.01

    This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.

  • CVE-2021-42706Nov 15, 2021
    risk 0.00cvss epss 0.00

    This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer

  • CVE-2021-32951Oct 27, 2021
    risk 0.00cvss epss 0.01

    WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

Page 4 of 7