Filtered by vendor Advantech
Subscribe
Total
294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21802 | 1 Advantech | 1 R-seenet | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. | |||||
CVE-2021-32956 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | |||||
CVE-2021-21800 | 1 Advantech | 1 R-seenet | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
CVE-2020-25157 | 1 Advantech | 1 R-seenet | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information. | |||||
CVE-2020-13551 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2021-22658 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | |||||
CVE-2020-25161 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | |||||
CVE-2020-13554 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2020-13553 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2021-22667 | 1 Advantech | 2 Bb-eswgp506-2sfp-t, Bb-eswgp506-2sfp-t Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | |||||
CVE-2019-18235 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. | |||||
CVE-2021-22656 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | |||||
CVE-2020-13555 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | |||||
CVE-2020-16202 | 1 Advantech | 1 Webaccess | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. | |||||
CVE-2021-22654 | 1 Advantech | 1 Iview | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information. | |||||
CVE-2019-18231 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request. | |||||
CVE-2019-18233 | 1 Advantech | 2 Spectre Rt Ert351, Spectre Rt Ert351 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | |||||
CVE-2021-22652 | 1 Advantech | 1 Iview | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | |||||
CVE-2021-27436 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | |||||
CVE-2020-13552 | 1 Advantech | 1 Webaccess\/scada | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. |