Vulnerabilities > Advantech > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-34540 | Cross-site Scripting vulnerability in Advantech Webaccess 8.4.2/8.4.4 Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | 6.1 |
| 2021-03-18 | CVE-2021-27436 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | 6.1 |
| 2021-03-17 | CVE-2019-18233 | Cross-site Scripting vulnerability in Advantech Spectre RT Ert351 Firmware 5.1.3 In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | 6.1 |
| 2020-08-06 | CVE-2020-16211 | Out-of-bounds Read vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 5.5 |
| 2020-04-09 | CVE-2020-10623 | SQL Injection vulnerability in Advantech Webaccess/Nms 2.0.3 Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | 6.5 |
| 2019-10-31 | CVE-2019-18229 | SQL Injection vulnerability in Advantech Wise-Paas/Rmm 3.3.29 Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. | 6.5 |
| 2018-10-31 | CVE-2018-15707 | Cross-site Scripting vulnerability in Advantech Webaccess 8.3.1/8.3.2 Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. | 5.4 |
| 2018-10-31 | CVE-2018-15706 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. | 6.5 |
| 2018-10-31 | CVE-2018-15705 | Path Traversal vulnerability in Advantech Webaccess 8.3.1/8.3.2 WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. | 6.5 |
| 2018-10-22 | CVE-2018-15703 | Cross-site Scripting vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. | 6.1 |