Vulnerabilities > Advantech

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2021-21937 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
A specially-crafted HTTP request can lead to SQL injection.
network
low complexity
advantech CWE-89
4.0
2021-11-15 CVE-2021-42703 Cross-site Scripting vulnerability in Advantech Webaccess HMI Designer 2.1.7.32
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.
network
advantech CWE-79
4.3
2021-11-15 CVE-2021-42706 Use After Free vulnerability in Advantech Webaccess HMI Designer 2.1.7.32
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
local
low complexity
advantech CWE-416
4.6
2021-10-27 CVE-2021-32951 Improper Authentication vulnerability in Advantech Webaccess/Nms 2.0.3/3.0.2
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
network
low complexity
advantech CWE-287
5.0
2021-10-18 CVE-2021-33023 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
network
low complexity
advantech CWE-787
7.5
2021-10-18 CVE-2021-38389 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
network
low complexity
advantech CWE-787
7.5
2021-10-15 CVE-2021-38431 Missing Authorization vulnerability in Advantech Webaccess Scada 8.3.1/9.0.3
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
network
low complexity
advantech CWE-862
4.0
2021-09-09 CVE-2021-38408 Stack-based Buffer Overflow vulnerability in Advantech Webaccess
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
network
low complexity
advantech CWE-121
7.5
2021-08-10 CVE-2021-22676 Cross-site Scripting vulnerability in Advantech Webaccess/Scada
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code.
network
advantech CWE-79
4.3
2021-08-10 CVE-2021-32943 Out-of-bounds Write vulnerability in Advantech Webaccess/Scada
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
network
low complexity
advantech CWE-787
7.5