Vulnerabilities > Advantech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-17 | CVE-2019-18235 | Improper Restriction of Excessive Authentication Attempts vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3 Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. | 9.8 |
| 2021-03-17 | CVE-2019-18233 | Cross-site Scripting vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3 In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | 6.1 |
| 2021-03-17 | CVE-2019-18231 | Cleartext Transmission of Sensitive Information vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3 Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request. | 7.5 |
| 2021-03-03 | CVE-2020-13554 | Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. | 7.8 |
| 2021-02-24 | CVE-2021-22667 | Use of Hard-coded Credentials vulnerability in Advantech Bb-Eswgp506-2Sfp-T Firmware BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | 9.8 |
| 2021-02-23 | CVE-2020-25161 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | 8.8 |
| 2021-02-17 | CVE-2020-13555 | Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. | 8.8 |
| 2021-02-17 | CVE-2020-13553 | Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. | 8.8 |
| 2021-02-17 | CVE-2020-13552 | Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. | 8.8 |
| 2021-02-17 | CVE-2020-13551 | Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1 An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. | 8.8 |