Vulnerabilities > Advantech > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-28948 Cross-Site Request Forgery (CSRF) vulnerability in Advantech Adam-5630 Firmware
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability.
network
low complexity
advantech CWE-352
8.8
2024-09-27 CVE-2024-39275 Unspecified vulnerability in Advantech Adam-5630 Firmware
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed.
network
low complexity
advantech
8.8
2023-10-17 CVE-2023-4215 Unspecified vulnerability in Advantech Webaccess 9.1.3
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
network
low complexity
advantech
7.5
2023-07-31 CVE-2023-3983 SQL Injection vulnerability in Advantech Iview
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752.
network
low complexity
advantech CWE-89
8.8
2023-06-22 CVE-2023-3256 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech R-Seenet
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
network
low complexity
advantech CWE-610
8.1
2023-06-07 CVE-2023-2866 Insufficient Verification of Data Authenticity vulnerability in Advantech Webaccess 8.4.5
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
local
low complexity
advantech CWE-345
7.8
2023-06-06 CVE-2023-22450 Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
network
low complexity
advantech CWE-434
7.2
2023-05-08 CVE-2023-2573 Command Injection vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
network
low complexity
advantech CWE-77
8.8
2023-05-08 CVE-2023-2574 Command Injection vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.
network
low complexity
advantech CWE-77
8.8
2023-05-08 CVE-2023-2575 Out-of-bounds Write vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
network
low complexity
advantech CWE-787
8.8