Vulnerabilities > Advantech > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-18 | CVE-2021-33023 | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. | 9.8 |
| 2021-10-18 | CVE-2021-38389 | Out-of-bounds Write vulnerability in Advantech Webaccess Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. | 9.8 |
| 2021-09-09 | CVE-2021-38408 | Stack-based Buffer Overflow vulnerability in Advantech Webaccess A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | 9.8 |
| 2021-08-10 | CVE-2021-32943 | Out-of-bounds Write vulnerability in Advantech Webaccess/Scada The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | 9.8 |
| 2021-08-05 | CVE-2021-21805 | OS Command Injection vulnerability in Advantech R-Seenet 2.4.12 An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 9.8 |
| 2021-07-16 | CVE-2021-21804 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12 A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 9.8 |
| 2021-06-11 | CVE-2021-32930 | Missing Authentication for Critical Function vulnerability in Advantech Iview The affected product’s configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182). | 9.8 |
| 2021-05-07 | CVE-2021-27437 | Use of Hard-coded Credentials vulnerability in Advantech Wise-Paas/Rmm 3.3.29 The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. | 9.1 |
| 2021-03-17 | CVE-2019-18235 | Improper Restriction of Excessive Authentication Attempts vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3 Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication parameters required for the web application may allow an attacker to gain full access using a brute-force password attack. | 9.8 |
| 2021-02-24 | CVE-2021-22667 | Use of Hard-coded Credentials vulnerability in Advantech Bb-Eswgp506-2Sfp-T Firmware BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | 9.8 |