Vulnerabilities > Advantech > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2021-21915 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
8.8
2021-12-22 CVE-2021-21916 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
8.8
2021-12-22 CVE-2021-21917 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
8.8
2021-12-22 CVE-2021-21936 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
A specially-crafted HTTP request can lead to SQL injection.
network
low complexity
advantech CWE-89
8.8
2021-11-15 CVE-2021-42706 Use After Free vulnerability in Advantech Webaccess HMI Designer 2.1.7.32
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
local
low complexity
advantech CWE-416
7.8
2021-06-24 CVE-2021-33000 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution.
local
low complexity
advantech CWE-787
7.8
2021-06-24 CVE-2021-33002 Unspecified vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code.
local
low complexity
advantech
7.8
2021-06-24 CVE-2021-33004 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code.
local
low complexity
advantech CWE-787
7.8
2021-06-11 CVE-2021-32932 Unspecified vulnerability in Advantech Iview
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).
network
low complexity
advantech
7.5
2021-04-26 CVE-2021-22669 Unspecified vulnerability in Advantech Webaccess/Scada
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
network
low complexity
advantech
8.8