Vulnerabilities > Advantech > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-17 CVE-2019-18231 Cleartext Transmission of Sensitive Information vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request.
network
low complexity
advantech CWE-319
7.5
7.5
2021-03-03 CVE-2020-13554 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
7.8
7.8
2021-02-23 CVE-2020-25161 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
network
low complexity
advantech CWE-610
8.8
8.8
2021-02-17 CVE-2020-13555 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
8.8
2021-02-17 CVE-2020-13553 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
8.8
2021-02-17 CVE-2020-13552 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
8.8
2021-02-17 CVE-2020-13551 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
8.8
2021-02-17 CVE-2020-13550 Path Traversal vulnerability in Advantech Webaccess/Scada 9.0.1
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1.
network
low complexity
advantech CWE-22
7.7
7.7
2021-02-11 CVE-2021-22656 Path Traversal vulnerability in Advantech Iview 5.6/5.7/5.7.02
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
network
low complexity
advantech CWE-22
7.5
7.5
2021-02-11 CVE-2021-22654 SQL Injection vulnerability in Advantech Iview 5.6/5.7/5.7.02
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
network
low complexity
advantech CWE-89
7.5
7.5