Vulnerabilities > Advantech > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-11 | CVE-2021-22658 | SQL Injection vulnerability in Advantech Iview 5.6/5.7/5.7.02 Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. | 9.8 |
2021-02-11 | CVE-2021-22652 | Missing Authentication for Critical Function vulnerability in Advantech Iview 5.6/5.7/5.7.02 Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | 9.8 |
2020-08-25 | CVE-2020-16245 | Path Traversal vulnerability in Advantech Iview 5.6/5.7 Advantech iView, Versions 5.7 and prior. | 9.8 |
2020-07-15 | CVE-2020-14503 | Improper Input Validation vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. | 9.8 |
2020-07-15 | CVE-2020-14501 | Missing Authentication for Critical Function vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. | 9.8 |
2020-07-15 | CVE-2020-14507 | Path Traversal vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | 9.8 |
2020-07-15 | CVE-2020-14505 | Injection vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. | 9.8 |
2020-07-15 | CVE-2020-14497 | SQL Injection vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. | 9.8 |
2020-06-15 | CVE-2020-12019 | Out-of-bounds Write vulnerability in Advantech Webaccess WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2020-05-08 | CVE-2020-12022 | Improper Validation of Array Index vulnerability in Advantech Webaccess Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. | 9.8 |