Vulnerabilities > Advantech > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-34542 Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
low complexity
advantech CWE-522
5.7
2024-09-27 CVE-2024-37187 Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
low complexity
advantech CWE-522
5.7
2024-09-27 CVE-2024-38308 Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user.
network
low complexity
advantech CWE-79
6.1
2023-08-08 CVE-2023-4202 Cross-site Scripting vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
network
low complexity
advantech CWE-79
5.4
2023-08-08 CVE-2023-4203 Cross-site Scripting vulnerability in Advantech products
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
network
low complexity
advantech CWE-79
5.4
2022-10-27 CVE-2022-3387 Path Traversal vulnerability in Advantech R-Seenet
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks.
network
low complexity
advantech CWE-22
5.3
2021-12-22 CVE-2021-21915 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
6.5
2021-12-22 CVE-2021-21916 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
6.5
2021-12-22 CVE-2021-21917 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021).
network
low complexity
advantech CWE-89
6.5
2021-12-22 CVE-2021-21918 SQL Injection vulnerability in Advantech R-Seenet 2.4.15
A specially-crafted HTTP request can lead to SQL injection.
network
low complexity
advantech CWE-89
4.0