Vulnerabilities > Advantech > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-34540 Cross-site Scripting vulnerability in Advantech Webaccess 8.4.2/8.4.4
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
network
low complexity
advantech CWE-79
6.1
2021-03-18 CVE-2021-27436 Cross-site Scripting vulnerability in Advantech Webaccess/Scada
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
network
low complexity
advantech CWE-79
6.1
2021-03-17 CVE-2019-18233 Unspecified vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3
In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack.
network
low complexity
advantech
6.1
2020-08-06 CVE-2020-16211 Out-of-bounds Read vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior.
local
low complexity
advantech CWE-125
5.5
2020-04-09 CVE-2020-10623 SQL Injection vulnerability in Advantech Webaccess/Nms 2.0.3
Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
network
low complexity
advantech CWE-89
6.5
2019-10-31 CVE-2019-18229 SQL Injection vulnerability in Advantech Wise-Paas/Rmm 3.3.29
Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior.
network
low complexity
advantech CWE-89
6.5
2018-10-31 CVE-2018-15707 Cross-site Scripting vulnerability in Advantech Webaccess 8.3.1/8.3.2
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page.
network
low complexity
advantech CWE-79
5.4
2018-10-31 CVE-2018-15706 Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API.
network
low complexity
advantech CWE-22
6.5
2018-10-31 CVE-2018-15705 Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API.
network
low complexity
advantech CWE-22
6.5
2018-10-22 CVE-2018-15703 Cross-site Scripting vulnerability in Advantech Webaccess
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities.
network
low complexity
advantech CWE-79
6.1