Vulnerabilities > Advantech > R Seenet > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-3256 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech R-Seenet
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
network
low complexity
advantech CWE-610
8.1
8.1
2021-12-22 CVE-2021-21910 Incorrect Default Permissions vulnerability in Advantech R-Seenet 2.4.15
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021).
local
low complexity
advantech CWE-276
7.8
7.8
2021-12-22 CVE-2021-21911 Improper Privilege Management vulnerability in Advantech R-Seenet 2.4.15
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021).
local
low complexity
advantech CWE-269
7.8
7.8
2021-12-22 CVE-2021-21912 Incorrect Default Permissions vulnerability in Advantech R-Seenet 2.4.15
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021).
local
low complexity
advantech CWE-276
7.8
7.8
2021-12-22 CVE-2021-21915 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
8.8
8.8
2021-12-22 CVE-2021-21916 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
8.8
8.8
2021-12-22 CVE-2021-21917 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
8.8
8.8
2021-12-22 CVE-2021-21936 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
A specially-crafted HTTP request can lead to SQL injection.
network
low complexity
advantech CWE-89
8.8
8.8
2020-10-20 CVE-2020-25157 SQL Injection vulnerability in Advantech R-Seenet
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.
network
low complexity
advantech CWE-89
7.5
7.5