Vulnerabilities > Advantech

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-28948 Cross-Site Request Forgery (CSRF) vulnerability in Advantech Adam-5630 Firmware
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability.
network
low complexity
advantech CWE-352
8.8
2024-09-27 CVE-2024-34542 Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
low complexity
advantech CWE-522
5.7
2024-09-27 CVE-2024-37187 Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
low complexity
advantech CWE-522
5.7
2024-09-27 CVE-2024-38308 Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user.
network
low complexity
advantech CWE-79
6.1
2024-09-27 CVE-2024-39275 Unspecified vulnerability in Advantech Adam-5630 Firmware
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed.
network
low complexity
advantech
8.8
2023-10-18 CVE-2023-5642 Unspecified vulnerability in Advantech R-Seenet 2.4.23
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
network
low complexity
advantech
critical
9.8
2023-10-17 CVE-2023-4215 Unspecified vulnerability in Advantech Webaccess 9.1.3
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
network
low complexity
advantech
7.5
2023-08-08 CVE-2023-4202 Cross-site Scripting vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
network
low complexity
advantech CWE-79
5.4
2023-08-08 CVE-2023-4203 Cross-site Scripting vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
network
low complexity
advantech CWE-79
5.4
2023-08-02 CVE-2023-1437 Unspecified vulnerability in Advantech Webaccess/Scada
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers.
network
low complexity
advantech
critical
9.8