Vulnerabilities > Advantech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-21932 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
| 2021-12-22 | CVE-2021-21933 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
| 2021-12-22 | CVE-2021-21934 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
| 2021-12-22 | CVE-2021-21935 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
| 2021-12-22 | CVE-2021-21937 | SQL Injection vulnerability in Advantech R-Seenet 2.4.15 A specially-crafted HTTP request can lead to SQL injection. | 4.0 |
| 2021-11-15 | CVE-2021-42703 | Cross-site Scripting vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | 4.3 |
| 2021-11-15 | CVE-2021-42706 | Use After Free vulnerability in Advantech Webaccess HMI Designer 2.1.7.32 This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | 4.6 |
| 2021-10-27 | CVE-2021-32951 | Improper Authentication vulnerability in Advantech Webaccess/Nms 2.0.3/3.0.2 WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | 5.0 |
| 2021-10-15 | CVE-2021-38431 | Missing Authorization vulnerability in Advantech Webaccess Scada 8.3.1/9.0.3 An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | 4.0 |
| 2021-08-10 | CVE-2021-22676 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. | 4.3 |