Vulnerabilities > Advantech > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-24 CVE-2021-33002 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code.
network
advantech CWE-787
6.8
2021-06-24 CVE-2021-33004 Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31/2.1.9.95
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code.
network
advantech CWE-787
6.8
2021-06-18 CVE-2021-32954 Path Traversal vulnerability in Advantech Webaccess/Scada
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
network
low complexity
advantech CWE-22
6.8
2021-06-18 CVE-2021-32956 Open Redirect vulnerability in Advantech Webaccess/Scada
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
network
advantech CWE-601
5.8
2021-06-11 CVE-2021-32932 SQL Injection vulnerability in Advantech Iview 5.6/5.7.03.6112
The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).
network
low complexity
advantech CWE-89
5.0
2021-06-11 CVE-2021-34540 Cross-site Scripting vulnerability in Advantech Webaccess 8.4.2/8.4.4
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
network
advantech CWE-79
4.3
2021-05-07 CVE-2021-27437 Use of Hard-coded Credentials vulnerability in Advantech Wise-Paas/Rmm 3.3.29
The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard.
network
low complexity
advantech CWE-798
6.4
2021-03-18 CVE-2021-27436 Cross-site Scripting vulnerability in Advantech Webaccess/Scada
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
network
advantech CWE-79
4.3
2021-03-17 CVE-2019-18233 Cross-site Scripting vulnerability in Advantech Spectre RT Ert351 Firmware
In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack.
network
advantech CWE-79
4.3
2021-03-17 CVE-2019-18231 Cleartext Transmission of Sensitive Information vulnerability in Advantech Spectre RT Ert351 Firmware
Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwords are transmitted in clear text form, which may allow an attacker to intercept the request.
network
low complexity
advantech CWE-319
5.0