Vulnerabilities > Advantech > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-18 CVE-2021-33023 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
network
low complexity
advantech CWE-787
critical
9.8
2021-10-18 CVE-2021-38389 Out-of-bounds Write vulnerability in Advantech Webaccess
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
network
low complexity
advantech CWE-787
critical
9.8
2021-09-09 CVE-2021-38408 Unspecified vulnerability in Advantech Webaccess
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
network
low complexity
advantech
critical
9.8
2021-08-10 CVE-2021-32943 Out-of-bounds Write vulnerability in Advantech Webaccess/Scada
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
network
low complexity
advantech CWE-787
critical
9.8
2021-08-05 CVE-2021-21805 OS Command Injection vulnerability in Advantech R-Seenet 2.4.12
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-78
critical
9.8
2021-07-16 CVE-2021-21804 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-829
critical
9.8
2021-06-11 CVE-2021-32930 Unspecified vulnerability in Advantech Iview
The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).
network
low complexity
advantech
critical
9.8
2021-05-07 CVE-2021-27437 Unspecified vulnerability in Advantech Wise-Paas/Rmm 3.3.29
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard.
network
low complexity
advantech
critical
9.1
2021-03-17 CVE-2019-18235 Unspecified vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack.
network
low complexity
advantech
critical
9.8
2021-02-24 CVE-2021-22667 Unspecified vulnerability in Advantech Bb-Eswgp506-2Sfp-T Firmware
BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior).
network
low complexity
advantech
critical
9.8