Vulnerabilities > Advantech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-27 | CVE-2024-34542 | Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. | 5.7 |
| 2024-09-27 | CVE-2024-37187 | Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. | 5.7 |
| 2024-09-27 | CVE-2024-38308 | Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. | 6.1 |
| 2023-08-08 | CVE-2023-4202 | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | 5.4 |
| 2023-08-08 | CVE-2023-4203 | Cross-site Scripting vulnerability in Advantech products Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | 5.4 |
| 2022-10-27 | CVE-2022-3387 | Path Traversal vulnerability in Advantech R-Seenet Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. | 5.3 |
| 2022-07-22 | CVE-2022-2136 | SQL Injection vulnerability in Advantech Iview The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. | 6.5 |
| 2022-07-22 | CVE-2022-2137 | SQL Injection vulnerability in Advantech Iview The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information | 4.9 |
| 2022-07-22 | CVE-2022-2142 | SQL Injection vulnerability in Advantech Iview The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information. | 5.9 |
| 2021-12-22 | CVE-2021-21918 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.9 |