Vulnerabilities > Advantech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-06 | CVE-2023-32540 | Code Injection vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | 9.8 |
| 2023-06-06 | CVE-2023-32628 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | 9.8 |
| 2023-05-08 | CVE-2023-2573 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2023-05-08 | CVE-2023-2574 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2023-05-08 | CVE-2023-2575 | Out-of-bounds Write vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2022-10-27 | CVE-2022-3385 | Out-of-bounds Write vulnerability in Advantech R-Seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. | 9.8 |
| 2022-10-27 | CVE-2022-3386 | Out-of-bounds Write vulnerability in Advantech R-Seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. | 9.8 |
| 2022-10-27 | CVE-2022-3387 | Path Traversal vulnerability in Advantech R-Seenet Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. | 5.3 |
| 2022-09-27 | CVE-2022-3323 | SQL Injection vulnerability in Advantech Iview 5.7.04.6469 An SQL injection vulnerability in Advantech iView 5.7.04.6469. | 7.5 |
| 2022-07-22 | CVE-2022-2143 | Unspecified vulnerability in Advantech Iview The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | 9.8 |