Vulnerabilities > Advantech > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-06-18 | CVE-2021-32956 | Open Redirect vulnerability in Advantech Webaccess/Scada | Advantech WebAccess/SCADA Versions 9.0.1 and prior are vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. | advantech, CWE-601 | network, 5.8 |
| 2021-06-11 | CVE-2021-32932 | SQL Injection vulnerability in Advantech Iview 5.6/5.7.03.6112 | The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). | advantech, CWE-89 | network, low complexity, 5.0 |
| 2021-06-11 | CVE-2021-34540 | Cross-site Scripting vulnerability in Advantech Webaccess 8.4.2/8.4.4 | Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | advantech, CWE-79 | network, 4.3 |
| 2021-05-07 | CVE-2021-27437 | Use of Hard-coded Credentials vulnerability in Advantech Wise-Paas/Rmm 3.3.29 | The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. | advantech, CWE-798 | network, low complexity, 6.4 |
| 2021-03-18 | CVE-2021-27436 | Cross-site Scripting vulnerability in Advantech Webaccess/Scada | WebAccess/SCADA Versions 9.0 and prior are vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | advantech, CWE-79 | network, 4.3 |
| 2021-03-17 | CVE-2019-18233 | Cross-site Scripting vulnerability in Advantech Spectre RT Ert351 Firmware | In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the affected product does not neutralize special characters in the error response, allowing attackers to use a reflected XSS attack. | advantech, CWE-79 | network, 4.3 |
| 2021-03-17 | CVE-2019-18231 | Cleartext Transmission of Sensitive Information vulnerability in Advantech Spectre RT Ert351 Firmware | In Advantech Spectre RT ERT351 Versions 5.1.3 and prior, logins and passwords are transmitted in clear text, which may allow an attacker to intercept the request. | advantech, CWE-319 | network, low complexity, 5.0 |
| 2021-02-23 | CVE-2020-25161 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada | The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | advantech, CWE-610 | network, low complexity, 6.5 |
| 2021-02-17 | CVE-2020-13550 | Path Traversal vulnerability in Advantech Webaccess/Scada 9.0.1 | A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. | advantech, CWE-22 | network, low complexity, 4.0 |
| 2021-02-11 | CVE-2021-22656 | Path Traversal vulnerability in Advantech Iview 5.6 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files. | advantech, CWE-22 | network, low complexity, 5.0 |