Vulnerabilities > Advantech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-18 | CVE-2023-5642 | Unspecified vulnerability in Advantech R-Seenet 2.4.23 Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | 9.8 |
| 2023-10-17 | CVE-2023-4215 | Unspecified vulnerability in Advantech Webaccess 9.1.3 Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | 7.5 |
| 2023-08-08 | CVE-2023-4202 | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | 5.4 |
| 2023-08-08 | CVE-2023-4203 | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | 5.4 |
| 2023-08-02 | CVE-2023-1437 | Untrusted Pointer Dereference vulnerability in Advantech Webaccess/Scada All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. | 9.8 |
| 2023-07-31 | CVE-2023-3983 | SQL Injection vulnerability in Advantech Iview An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. | 8.8 |
| 2023-06-22 | CVE-2023-2611 | Use of Hard-coded Credentials vulnerability in Advantech R-Seenet Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. | 9.8 |
| 2023-06-22 | CVE-2023-3256 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech R-Seenet Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. | 8.1 |
| 2023-06-07 | CVE-2023-2866 | Insufficient Verification of Data Authenticity vulnerability in Advantech Webaccess 8.4.5 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | 7.8 |
| 2023-06-06 | CVE-2023-22450 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | 7.2 |