Vulnerabilities > Advantech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-27 | CVE-2024-28948 | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Adam-5630 Firmware Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2024-09-27 | CVE-2024-34542 | Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. | 5.7 |
| 2024-09-27 | CVE-2024-37187 | Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. | 5.7 |
| 2024-09-27 | CVE-2024-38308 | Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. | 6.1 |
| 2024-09-27 | CVE-2024-39275 | Unspecified vulnerability in Advantech Adam-5630 Firmware Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. | 8.8 |
| 2023-10-18 | CVE-2023-5642 | Unspecified vulnerability in Advantech R-Seenet 2.4.23 Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | 9.8 |
| 2023-10-17 | CVE-2023-4215 | Unspecified vulnerability in Advantech Webaccess 9.1.3 Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | 7.5 |
| 2023-08-08 | CVE-2023-4202 | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | 5.4 |
| 2023-08-08 | CVE-2023-4203 | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | 5.4 |
| 2023-08-02 | CVE-2023-1437 | Untrusted Pointer Dereference vulnerability in Advantech Webaccess/Scada All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. | 9.8 |