Vulnerabilities > Advantech
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-21936 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 8.8 |
| 2021-12-22 | CVE-2021-21937 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 6.5 |
| 2021-11-15 | CVE-2021-42703 | Cross-site Scripting vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | 6.1 |
| 2021-11-15 | CVE-2021-42706 | Use After Free vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | 7.8 |
| 2021-10-27 | CVE-2021-32951 | Improper Authentication vulnerability in Advantech Webaccess/Nms 2.0.3/3.0.2 WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | 5.3 |
| 2021-10-18 | CVE-2021-33023 | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | 9.8 |
| 2021-10-18 | CVE-2021-38389 | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | 9.8 |
| 2021-10-15 | CVE-2021-38431 | Missing Authorization vulnerability in Advantech Webaccess Scada 8.3.1/9.0.3 An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | 4.3 |
| 2021-09-09 | CVE-2021-38408 | Stack-based Buffer Overflow vulnerability in Advantech Webaccess A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | 9.8 |
| 2021-08-10 | CVE-2021-22676 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. | 6.1 |