Vulnerabilities > Advantech > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-21915 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). | 8.8 |
| 2021-12-22 | CVE-2021-21916 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). | 8.8 |
| 2021-12-22 | CVE-2021-21917 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). | 8.8 |
| 2021-12-22 | CVE-2021-21936 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 8.8 |
| 2021-11-15 | CVE-2021-42706 | Use After Free vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | 7.8 |
| 2021-06-24 | CVE-2021-33000 | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95 Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. | 7.8 |
| 2021-06-24 | CVE-2021-33002 | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95 Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. | 7.8 |
| 2021-06-24 | CVE-2021-33004 | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95 The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. | 7.8 |
| 2021-06-11 | CVE-2021-32932 | SQL Injection vulnerability in Advantech Iview The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | 7.5 |
| 2021-04-26 | CVE-2021-22669 | Incorrect Permission Assignment for Critical Resource vulnerability in Advantech Webaccess/Scada Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | 8.8 |