Vulnerabilities > Advantech > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-34542 Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
low complexity
advantech CWE-522
5.7
2024-09-27 CVE-2024-37187 Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
low complexity
advantech CWE-522
5.7
2024-09-27 CVE-2024-38308 Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user.
network
low complexity
advantech CWE-79
6.1
2023-08-08 CVE-2023-4202 Cross-site Scripting vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
network
low complexity
advantech CWE-79
5.4
2023-08-08 CVE-2023-4203 Cross-site Scripting vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
network
low complexity
advantech CWE-79
5.4
2022-10-27 CVE-2022-3387 Path Traversal vulnerability in Advantech R-Seenet
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks.
network
low complexity
advantech CWE-22
5.3
2022-07-22 CVE-2022-2136 SQL Injection vulnerability in Advantech Iview
The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.
network
low complexity
advantech CWE-89
6.5
2022-07-22 CVE-2022-2137 SQL Injection vulnerability in Advantech Iview
The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information
network
low complexity
advantech CWE-89
4.9
2022-07-22 CVE-2022-2142 SQL Injection vulnerability in Advantech Iview
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
network
high complexity
advantech CWE-89
5.9
2021-12-22 CVE-2021-21918 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
A specially-crafted HTTP request can lead to SQL injection.
network
low complexity
advantech CWE-89
4.9