Advantech

325 total · sorted by risk
  • CVE-2021-38389 · Oct 18, 2021
    risk 0.00 · cvss · epss 0.10

    Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

  • CVE-2021-33023 · Oct 18, 2021
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

  • CVE-2021-38431 · Oct 15, 2021
    risk 0.00 · cvss · epss 0.01

    An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

  • CVE-2021-38408 · Sep 9, 2021
    risk 0.00 · cvss · epss 0.12

    A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

  • CVE-2021-32943 · Aug 10, 2021
    risk 0.00 · cvss · epss 0.02

    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

  • CVE-2021-22674 · Aug 10, 2021
    risk 0.00 · cvss · epss 0.01

    The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

  • CVE-2021-33002 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.01

    Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

  • CVE-2021-33000 · Jun 24, 2021
    risk 0.00 · cvss · epss 0.01

    Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

  • CVE-2021-32954 · Jun 18, 2021
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

  • CVE-2021-32956 · Jun 18, 2021
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.

  • CVE-2021-32930 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.08

    The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).

  • CVE-2021-34540 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.

  • CVE-2021-22669 · Apr 26, 2021
    risk 0.00 · cvss · epss 0.01

    Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges…

  • CVE-2019-18235 · Mar 17, 2021
    risk 0.00 · cvss · epss 0.01

    Advantech Spectre RT ERT351 versions 5.1.3 and prior have insufficient login authentication parameters required for the web application, which may allow an attacker to gain full access using a brute-force password attack.

  • CVE-2019-18231 · Mar 17, 2021
    risk 0.00 · cvss · epss 0.01

    Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request.

  • CVE-2019-18233 · Mar 17, 2021
    risk 0.00 · cvss · epss 0.01

    In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack.

  • CVE-2020-13554 · Mar 3, 2021
    risk 0.00 · cvss · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to…

  • CVE-2020-13555 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM…

  • CVE-2020-13553 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to…

  • CVE-2020-13551 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.00

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM…

  • CVE-2020-13552 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.01

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or…

  • CVE-2020-13550 · Feb 17, 2021
    risk 0.00 · cvss · epss 0.03

    A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.

  • CVE-2021-22656 · Feb 11, 2021
    risk 0.00 · cvss · epss 0.03

    Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

  • CVE-2021-22658 · Feb 11, 2021
    risk 0.00 · cvss · epss 0.13

    Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.

  • CVE-2021-22654 · Feb 11, 2021
    risk 0.00 · cvss · epss 0.12

    Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

  • CVE-2020-25157 · Oct 20, 2020
    risk 0.00 · cvss · epss 0.01

    The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.

  • CVE-2020-16202 · Sep 22, 2020
    risk 0.00 · cvss · epss 0.00

    WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.

  • CVE-2020-16229 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.03

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause…

  • CVE-2020-16207 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.04

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of…

  • CVE-2020-16211 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.

  • CVE-2020-16213 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.03

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution,…

  • CVE-2020-16215 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.04

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or…

  • CVE-2020-16217 · Aug 6, 2020
    risk 0.00 · cvss · epss 0.03

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.

  • CVE-2020-14501 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.02

    Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text.…

  • CVE-2020-14503 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.03

    Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.

  • CVE-2020-14499 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.02

    Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.

  • CVE-2020-14505 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.07

    Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send an HTTP GET or POST request that creates a command…

  • CVE-2020-14497 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.05

    Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely…

  • CVE-2020-14507 · Jul 15, 2020
    risk 0.00 · cvss · epss 0.05

    Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.

  • CVE-2020-12018 · May 8, 2020
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.

  • CVE-2020-12026 · May 8, 2020
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

  • CVE-2020-12014 · May 8, 2020
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.

  • CVE-2020-12006 · May 8, 2020
    risk 0.00 · cvss · epss 0.04

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control.

  • CVE-2020-12010 · May 8, 2020
    risk 0.00 · cvss · epss 0.01

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control.

  • CVE-2020-12022 · May 8, 2020
    risk 0.00 · cvss · epss 0.02

    Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.

  • CVE-2020-10619 · Apr 9, 2020
    risk 0.00 · cvss · epss 0.14

    An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

  • CVE-2020-10603 · Apr 9, 2020
    risk 0.00 · cvss · epss 0.01

    WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.

  • CVE-2020-10631 · Apr 9, 2020
    risk 0.00 · cvss · epss 0.01

    An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

  • CVE-2020-10617 · Apr 9, 2020
    risk 0.00 · cvss · epss 0.01

    There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.

  • CVE-2020-10621 · Apr 9, 2020
    risk 0.00 · cvss · epss 0.02

    Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
