Vulnerabilities > Advantech > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-18 | CVE-2023-5642 | Unspecified vulnerability in Advantech R-Seenet 2.4.23 Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. | 9.8 |
| 2023-08-02 | CVE-2023-1437 | Untrusted Pointer Dereference vulnerability in Advantech Webaccess/Scada All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. | 9.8 |
| 2023-06-22 | CVE-2023-2611 | Use of Hard-coded Credentials vulnerability in Advantech R-Seenet Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. | 9.8 |
| 2023-06-06 | CVE-2023-32540 | Code Injection vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution. | 9.8 |
| 2023-06-06 | CVE-2023-32628 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution. | 9.8 |
| 2022-10-27 | CVE-2022-3385 | Out-of-bounds Write vulnerability in Advantech R-Seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. | 9.8 |
| 2022-10-27 | CVE-2022-3386 | Out-of-bounds Write vulnerability in Advantech R-Seenet Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. | 9.8 |
| 2022-07-22 | CVE-2022-2139 | Path Traversal vulnerability in Advantech Iview The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | 9.8 |
| 2022-07-22 | CVE-2022-2143 | Unspecified vulnerability in Advantech Iview The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
| 2022-02-04 | CVE-2022-22987 | Use of Hard-coded Credentials vulnerability in Advantech Adam-3600 Firmware 2.6.2 The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | 9.8 |