Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
advantech vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2453
There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated malicious user to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an malicious user to read or modify data on the remote...
9.8
CVSSv3
CVE-2023-5642
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote malicious user to read from and write to the snmpmon.ini file, which contains sensitive information.
Advantech R-seenet 2.4.23
7.5
CVSSv3
CVE-2023-4215
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
Advantech Webaccess 9.1.3
5.4
CVSSv3
CVE-2023-4202
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
Advantech Eki-1524 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1521 Firmware
5.4
CVSSv3
CVE-2023-4203
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
Advantech Eki-1524 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1521 Firmware
9.8
CVSSv3
CVE-2023-1437
All versions before 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an malicious user to gain access to the remote file system and the...
Advantech Webaccess\\/scada
8.8
CVSSv3
CVE-2023-3983
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
Advantech Iview
9.8
CVSSv3
CVE-2023-2611
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Advantech R-seenet
8.1
CVSSv3
CVE-2023-3256
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
Advantech R-seenet
7.8
CVSSv3
CVE-2023-2866
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
Advantech Webaccess 8.4.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »