Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
advantech vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-0856
Multiple stack-based buffer overflows in Advantech WebAccess prior to 8.1 allow remote malicious users to execute arbitrary code via unspecified vectors.
Advantech Webaccess
9.8
CVSSv3
CVE-2016-0857
Multiple heap-based buffer overflows in Advantech WebAccess prior to 8.1 allow remote malicious users to execute arbitrary code via unspecified vectors.
Advantech Webaccess
9.8
CVSSv3
CVE-2016-0859
Integer overflow in the Kernel service in Advantech WebAccess prior to 8.1 allows remote malicious users to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request.
Advantech Webaccess
9.8
CVSSv3
CVE-2015-7938
Advantech EKI-132x devices with firmware prior to 2015-12-31 allow remote malicious users to bypass authentication via unspecified vectors.
Advantech Eki-1321 Series Firmware
Advantech Eki-1322 Series Firmware
9.1
CVSSv3
CVE-2020-10619
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions before 3.0.2) control.
Advantech Webaccess\\/nms
9.1
CVSSv3
CVE-2019-10985
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.
Advantech Webaccess
9.1
CVSSv3
CVE-2017-5152
An issue exists in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS).
Advantech Webaccess 8.1
8.8
CVSSv3
CVE-2023-3983
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
Advantech Iview
8.8
CVSSv3
CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
Advantech Eki-1521 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1524 Firmware
8.8
CVSSv3
CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.
Advantech Eki-1521 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1524 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »