Filtered by vendor Advantech
Total: 294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21910 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2021-42706 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/HMI Designer. | |||||
CVE-2021-21916 | 1 Advantech | 1 R-seenet | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
An exploitable SQL injection vulnerability exists in the 'group_list' page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter' parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | |||||
CVE-2021-33000 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
CVE-2021-32943 | 1 Advantech | 1 Webaccess/scada | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-21801 | 1 Advantech | 1 R-seenet | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
CVE-2021-21803 | 1 Advantech | 1 R-seenet | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
CVE-2021-32932 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | |||||
CVE-2021-33002 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
CVE-2021-32954 | 1 Advantech | 1 Webaccess/scada | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | |||||
CVE-2021-33004 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The affected product is vulnerable to a memory corruption condition due to lack of proper validation of user-supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). | |||||
CVE-2021-21804 | 1 Advantech | 1 R-seenet | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. | |||||
CVE-2021-34540 | 1 Advantech | 1 Webaccess | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | |||||
CVE-2021-32930 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | |||||
CVE-2021-22669 | 1 Advantech | 1 Webaccess/scada | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
Incorrect permissions are set by default on the 'Project Management' page of the WebAccess/SCADA portal of WebAccess/SCADA versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator's password and log in as an administrator to escalate privileges on the system. | |||||
CVE-2021-22676 | 1 Advantech | 1 Webaccess/scada | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-27437 | 1 Advantech | 1 Wise-paas/rmm | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1). | |||||
CVE-2021-22674 | 1 Advantech | 1 Webaccess/scada | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
CVE-2021-21799 | 1 Advantech | 1 R-seenet | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
CVE-2021-21805 | 1 Advantech | 1 R-seenet | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability. |