Filtered by vendor Advantech
Subscribe
Total
378 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21925 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.
|
|||||
| CVE-2021-21924 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter.
|
|||||
| CVE-2021-21923 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery.
|
|||||
| CVE-2021-21922 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery.
|
|||||
| CVE-2021-21921 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery.
|
|||||
| CVE-2021-21920 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.
|
|||||
| CVE-2021-21919 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
|
|||||
| CVE-2021-21918 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.
|
|||||
| CVE-2021-21917 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
|
|||||
| CVE-2021-21916 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
|
|||||
| CVE-2021-21915 | 1 Advantech | 1 R-seenet | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.
|
|||||
| CVE-2021-21912 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21911 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21910 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21805 | 1 Advantech | 1 R-seenet | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21804 | 1 Advantech | 1 R-seenet | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21803 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
|
|||||
| CVE-2021-21802 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
|
|||||
| CVE-2021-21801 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
|
|||||
| CVE-2021-21800 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
|
|||||
| CVE-2021-21799 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
|
|||||
| CVE-2020-25161 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
|
|||||
| CVE-2020-25157 | 1 Advantech | 1 R-seenet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.
|
|||||
| CVE-2020-16245 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
|
|||||
| CVE-2020-16229 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
|
|||||
| CVE-2020-16217 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.
|
|||||
| CVE-2020-16215 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
|
|||||
| CVE-2020-16213 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
|
|||||
| CVE-2020-16211 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
|
|||||
| CVE-2020-16207 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
|
|||||
| CVE-2020-16202 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
|
|||||
| CVE-2020-14507 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
|
|||||
| CVE-2020-14505 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET or POST request that creates a command string without any validation. The attacker may then remotely execute code.
|
|||||
| CVE-2020-14503 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2020-14501 | 1 Advantech | 1 Iview | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the user table, including the administrator credentials in plain text. An attacker may also delete the administrator account.
|
|||||
| CVE-2020-14499 | 1 Advantech | 1 Iview | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.
|
|||||
| CVE-2020-14497 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code.
|
|||||
| CVE-2020-13555 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
|
|||||
| CVE-2020-13554 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
|
|||||
| CVE-2020-13553 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.
|
|||||