Vulnerabilities > Advantech

DATE CVE VULNERABILITY TITLE RISK
2020-08-06 CVE-2020-16215 Improper Input Validation vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-20
7.8
7.8
2020-08-06 CVE-2020-16213 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-787
7.8
7.8
2020-08-06 CVE-2020-16211 Out-of-bounds Read vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-125
5.5
5.5
2020-08-06 CVE-2020-16207 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-787
7.8
7.8
2020-07-15 CVE-2020-14503 Improper Input Validation vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability.
network
low complexity
advantech CWE-20
critical
 9.8
9.8
2020-07-15 CVE-2020-14501 Missing Authentication for Critical Function vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue.
network
low complexity
advantech CWE-306
critical
 9.8
9.8
2020-07-15 CVE-2020-14499 Unspecified vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability.
network
low complexity
advantech
7.5
7.5
2020-07-15 CVE-2020-14507 Path Traversal vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
network
low complexity
advantech CWE-22
critical
 9.8
9.8
2020-07-15 CVE-2020-14505 Injection vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability.
network
low complexity
advantech CWE-74
critical
 9.8
9.8
2020-07-15 CVE-2020-14497 SQL Injection vulnerability in Advantech Iview 5.6
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries.
network
low complexity
advantech CWE-89
critical
 9.8
9.8