Vulnerabilities > Advantech > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-27 CVE-2021-32951 Improper Authentication vulnerability in Advantech Webaccess/Nms 2.0.3/3.0.2
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
network
low complexity
advantech CWE-287
5.0
2021-10-15 CVE-2021-38431 Missing Authorization vulnerability in Advantech Webaccess Scada 8.3.1/9.0.3
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
network
low complexity
advantech CWE-862
4.0
2021-08-10 CVE-2021-22676 Cross-site Scripting vulnerability in Advantech Webaccess/Scada
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code.
network
advantech CWE-79
4.3
2021-08-10 CVE-2021-22674 Path Traversal vulnerability in Advantech Webaccess/Scada
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
network
low complexity
advantech CWE-22
4.0
2021-07-16 CVE-2021-21799 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-79
6.1
2021-07-16 CVE-2021-21800 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020).
network
low complexity
advantech CWE-79
6.1
2021-07-16 CVE-2021-21801 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.
network
low complexity
advantech CWE-79
6.1
2021-07-16 CVE-2021-21802 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.
network
low complexity
advantech CWE-79
6.1
2021-07-16 CVE-2021-21803 Cross-site Scripting vulnerability in Advantech R-Seenet 2.4.12
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications.
network
low complexity
advantech CWE-79
6.1
2021-06-24 CVE-2021-33000 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution.
network
advantech CWE-787
6.8