Latest Advantech Vulnerabilities

CVE-2023-5642
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
Advantech R-SeeNet=2.4.23
CVE-2023-4215
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
Advantech WebAccess=9.1.3
CVE-2023-4203
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-inter...
Advantech Eki-1524 Firmware<=1.24
Advantech EKI-1524
Advantech Eki-1522 Firmware<=1.24
Advantech Eki-1522
Advantech Eki-1521 Firmware<=1.24
Advantech Eki-1521
CVE-2023-4202
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the w...
Advantech Eki-1524 Firmware<=1.21
Advantech EKI-1524
Advantech Eki-1522 Firmware<=1.21
Advantech Eki-1522
Advantech Eki-1521 Firmware<=1.21
Advantech Eki-1521
CVE-2023-1437
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use a...
Advantech Webaccess\/scada<9.1.4
Advantech WebAccess/SCADA<9.1.4
CVE-2023-3983
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInj...
Advantech iView<5.7.4.6752
CVE-2023-3256
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
Advantech R-SeeNet<=2.4.22
Advantech ​R-SeeNet: versions 2.4.22 and prior
CVE-2023-2611
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Advantech R-SeeNet<=2.4.22
Advantech ​R-SeeNet: versions 2.4.22 and prior
CVE-2023-2866
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the ...
Advantech WebAccess=8.4.5
Advantech WebAccess/SCADA: version 8.4.5
CVE-2023-32628
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading...
Advantech Webaccess\/scada<=9.1.3
Advantech WebAccess/SCADA versions 9.1.3 and prior
CVE-2023-32540
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files),...
Advantech Webaccess\/scada<=9.1.3
Advantech WebAccess/SCADA versions 9.1.3 and prior
CVE-2023-22450
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user...
Advantech Webaccess\/scada<=9.1.3
Advantech WebAccess/SCADA versions 9.1.3 and prior
CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafte...
Advantech Eki-1521 Firmware<=1.21
Advantech Eki-1521
Advantech Eki-1522 Firmware<=1.21
Advantech Eki-1522
Advantech Eki-1524 Firmware<=1.21
Advantech EKI-1524
CVE-2023-2575
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
Advantech Eki-1521 Firmware<=1.21
Advantech Eki-1521
Advantech Eki-1522 Firmware<=1.21
Advantech Eki-1522
Advantech Eki-1524 Firmware<=1.21
Advantech EKI-1524
CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a craft...
Advantech Eki-1521 Firmware<=1.21
Advantech Eki-1521
Advantech Eki-1522 Firmware<=1.21
Advantech Eki-1522
Advantech Eki-1524 Firmware<=1.21
Advantech EKI-1524
CVE-2022-3385
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.
Advantech R-SeeNet<=2.4.17
CVE-2022-3387
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.
Advantech R-SeeNet<=2.4.19
CVE-2022-3386
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code ...
Advantech R-SeeNet<=2.4.17
CVE-2022-3323
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote a...
Advantech iView=5.7.04.6469
CVE-2022-2139
Advantech iView<5.7.04.6469
CVE-2022-2142
Advantech iView<5.7.04.6469
CVE-2022-2137
Advantech iView<5.7.04.6469
CVE-2022-2136
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
Advantech iView<5.7.04.6469
CVE-2022-2143
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
Advantech iView<5.7.04.6469
CVE-2022-2135
The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.
Advantech iView<5.7.04.6469
CVE-2022-2138
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
Advantech iView<5.7.04.6469
CVE-2022-22987
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
Advantech Adam-3600 Firmware<=2.6.2
Advantech Adam-3600
CVE-2021-40389
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM aut...
Advantech Deviceon\/iedge=1.0.2
CVE-2021-40396
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authori...
Advantech Deviceon\/iservice=1.1.7
CVE-2021-40397
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM auth...
Advantech Wise-paas\/ota=3.0.9
CVE-2021-21937
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authe...
Advantech R-SeeNet=2.4.15
CVE-2021-21934
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or t...
Advantech R-SeeNet=2.4.15
CVE-2021-21911
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system...
Advantech R-SeeNet=2.4.15
Microsoft Windows
CVE-2021-21930
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticat...
Advantech R-SeeNet=2.4.15
CVE-2021-21932
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or t...
Advantech R-SeeNet=2.4.15
CVE-2021-21935
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any auth...
Advantech R-SeeNet=2.4.15
CVE-2021-21928
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authentica...
Advantech R-SeeNet=2.4.15
CVE-2021-21923
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account...
Advantech R-SeeNet=2.4.15
CVE-2021-21931
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authentic...
Advantech R-SeeNet=2.4.15
CVE-2021-21929
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authentic...
Advantech R-SeeNet=2.4.15
CVE-2021-21924
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cro...
Advantech R-SeeNet=2.4.15
CVE-2021-21936
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any aut...
Advantech R-SeeNet=2.4.15
CVE-2021-21915
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can...
Advantech R-SeeNet=2.4.15
CVE-2021-21912
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system...
Advantech R-SeeNet=2.4.15
Microsoft Windows
CVE-2021-21919
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administ...
Advantech R-SeeNet=2.4.15
CVE-2021-21918
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super...
Advantech R-SeeNet=2.4.15
CVE-2021-21925
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cro...
Advantech R-SeeNet=2.4.15
CVE-2021-21933
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or th...
Advantech R-SeeNet=2.4.15
CVE-2021-21917
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make auth...
Advantech R-SeeNet=2.4.15
CVE-2021-21926
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cro...
Advantech R-SeeNet=2.4.15

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203