Advantech: Security Vulnerabilities
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-02-11
Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.
CVSS Score
7.5
EPSS Score
0.019
Published
2021-02-11
Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-02-11
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-10-20
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-09-22
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
CVSS Score
9.8
EPSS Score
0.132
Published
2020-08-25
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVSS Score
7.8
EPSS Score
0.02
Published
2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVSS Score
7.8
EPSS Score
0.014
Published
2020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
CVSS Score
7.8
EPSS Score
0.008
Published
2020-08-06