Vulnerabilities > Advantech

DATE CVE VULNERABILITY TITLE RISK
2021-08-10 CVE-2021-22674 Path Traversal vulnerability in Advantech Webaccess/Scada
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
network
low complexity
advantech CWE-22
4.0
4.0
2021-08-05 CVE-2021-21805 OS Command Injection vulnerability in Advantech R-Seenet 2.4.12
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-78
critical
 9.8
9.8
2021-07-16 CVE-2021-21799 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-79
6.1
6.1
2021-07-16 CVE-2021-21800 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-79
6.1
6.1
2021-07-16 CVE-2021-21801 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.
network
low complexity
advantech CWE-79
6.1
6.1
2021-07-16 CVE-2021-21802 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.
network
low complexity
advantech CWE-79
6.1
6.1
2021-07-16 CVE-2021-21803 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.
network
low complexity
advantech CWE-79
6.1
6.1
2021-07-16 CVE-2021-21804 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-829
critical
 9.8
9.8
2021-06-24 CVE-2021-33000 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution.
network
advantech CWE-787
6.8
6.8
2021-06-24 CVE-2021-33002 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code.
network
advantech CWE-787
6.8
6.8