Advantech: Security Vulnerabilities
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-10-18
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-17
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
CVSS Score
9.0
EPSS Score
0.006
Published
2023-08-08
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
CVSS Score
9.0
EPSS Score
0.002
Published
2023-08-08
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-02
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-07-31
Advantech R-SeeNet
versions 2.4.22
is installed with a hidden root-level user that is not available in the
users list. This hidden user has a password that cannot be changed by
users.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-06-22
Advantech R-SeeNet
versions 2.4.22
allows low-level users to access and load the content of local files.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-22
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-06-07
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-06-06