Filtered by vendor Advantech
Subscriptions
Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4521 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. | ||||
| CVE-2012-0240 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-0239 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. | ||||
| CVE-2012-0238 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-0237 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. | ||||
| CVE-2012-0236 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." | ||||
| CVE-2012-0235 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2011-4522 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2008-5848 | 1 Advantech | 14 Adam-6015, Adam-6017, Adam-6018 and 11 more | 2025-04-09 | N/A |
| The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity. | ||||
| CVE-2023-4203 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2025-02-13 | 9 Critical |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | ||||
| CVE-2023-4202 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2025-02-13 | 9 Critical |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | ||||
| CVE-2023-2574 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2025-02-13 | 8.8 High |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | ||||
| CVE-2023-2573 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2025-02-13 | 8.8 High |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | ||||
| CVE-2023-2575 | 1 Advantech | 6 Eki-1521, Eki-1521 Firmware, Eki-1522 and 3 more | 2025-02-13 | 8.8 High |
| Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. | ||||
| CVE-2023-2866 | 1 Advantech | 1 Webaccess | 2025-01-16 | 7.3 High |
| If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | ||||
| CVE-2023-3256 | 1 Advantech | 1 R-seenet | 2025-01-16 | 8.8 High |
| Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. | ||||
| CVE-2023-2611 | 1 Advantech | 1 R-seenet | 2025-01-16 | 9.8 Critical |
| Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. | ||||
| CVE-2023-4215 | 1 Advantech | 1 Webaccess | 2025-01-16 | 6.5 Medium |
| Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | ||||
| CVE-2023-52335 | 1 Advantech | 1 Iview | 2025-01-09 | 7.5 High |
| Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863. | ||||
| CVE-2023-32628 | 1 Advantech | 1 Webaccess\/scada | 2025-01-08 | 7.2 High |
| In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | ||||