Vulnerabilities > Advantech > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-16 | CVE-2021-21804 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Advantech R-Seenet 2.4.12 A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). | 9.8 |
| 2021-04-26 | CVE-2021-22669 | Incorrect Permission Assignment for Critical Resource vulnerability in Advantech Webaccess/Scada Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | 9.0 |
| 2021-02-24 | CVE-2021-22667 | Use of Hard-coded Credentials vulnerability in Advantech Bb-Eswgp506-2Sfp-T Firmware BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials, which may allow an attacker to gain unauthorized access and permit the execution of arbitrary code on the BB-ESWGP506-2SFP-T (versions 1.01.01 and prior). | 10.0 |
| 2020-08-06 | CVE-2020-16215 | Improper Input Validation vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 9.3 |
| 2020-04-09 | CVE-2020-10621 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Nms Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | 10.0 |
| 2019-10-31 | CVE-2019-13551 | Path Traversal vulnerability in Advantech Wise-Paas/Rmm 3.3.29 Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. | 10.0 |
| 2019-10-31 | CVE-2019-13547 | Missing Authentication for Critical Function vulnerability in Advantech Wise-Paas/Rmm 3.3.29 Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. | 10.0 |
| 2019-09-18 | CVE-2019-13558 | Code Injection vulnerability in Advantech Webaccess In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. | 9.0 |
| 2019-09-18 | CVE-2019-13550 | Unspecified vulnerability in Advantech Webaccess In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. | 9.0 |
| 2019-06-28 | CVE-2019-10991 | Out-of-bounds Write vulnerability in Advantech Webaccess In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. | 9.8 |