Vulnerabilities > Advantech > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-27 | CVE-2024-28948 | Cross-Site Request Forgery (CSRF) vulnerability in Advantech Adam-5630 Firmware Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. | 8.8 |
| 2024-09-27 | CVE-2024-39275 | Unspecified vulnerability in Advantech Adam-5630 Firmware Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. | 8.8 |
| 2023-10-17 | CVE-2023-4215 | Unspecified vulnerability in Advantech Webaccess 9.1.3 Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | 7.5 |
| 2023-07-31 | CVE-2023-3983 | SQL Injection vulnerability in Advantech Iview An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. | 8.8 |
| 2023-06-22 | CVE-2023-3256 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech R-Seenet Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. | 8.1 |
| 2023-06-07 | CVE-2023-2866 | Insufficient Verification of Data Authenticity vulnerability in Advantech Webaccess 8.4.5 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. | 7.8 |
| 2023-06-06 | CVE-2023-22450 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Scada In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution. | 7.2 |
| 2023-05-08 | CVE-2023-2573 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2023-05-08 | CVE-2023-2574 | Command Injection vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | 8.8 |
| 2023-05-08 | CVE-2023-2575 | Out-of-bounds Write vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. | 8.8 |