Vulnerabilities > Advantech > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-18 CVE-2023-5642 Unspecified vulnerability in Advantech R-Seenet 2.4.23
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
network
low complexity
advantech
critical
9.8
2023-08-02 CVE-2023-1437 Untrusted Pointer Dereference vulnerability in Advantech Webaccess/Scada
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers.
network
low complexity
advantech CWE-822
critical
9.8
2023-06-22 CVE-2023-2611 Use of Hard-coded Credentials vulnerability in Advantech R-Seenet
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list.
network
low complexity
advantech CWE-798
critical
9.8
2023-06-06 CVE-2023-32540 Code Injection vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
network
low complexity
advantech CWE-94
critical
9.8
2023-06-06 CVE-2023-32628 Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
network
low complexity
advantech CWE-434
critical
9.8
2022-10-27 CVE-2022-3385 Out-of-bounds Write vulnerability in Advantech R-Seenet
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow.
network
low complexity
advantech CWE-787
critical
9.8
2022-10-27 CVE-2022-3386 Out-of-bounds Write vulnerability in Advantech R-Seenet
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow.
network
low complexity
advantech CWE-787
critical
9.8
2022-07-22 CVE-2022-2143 Unspecified vulnerability in Advantech Iview
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
network
low complexity
advantech
critical
9.8
2022-01-28 CVE-2021-40397 Incorrect Default Permissions vulnerability in Advantech Wise-Paas/Ota 3.0.9
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9.
network
advantech CWE-276
critical
9.3
2021-08-05 CVE-2021-21805 OS Command Injection vulnerability in Advantech R-Seenet 2.4.12
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-78
critical
9.8