Shodan
Vulnerabilities
Vulnerable Software
Advantech:  Security Vulnerabilities
CVE-2024-37187
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
CVSS Score
6.8
EPSS Score
0.004
Published
2024-09-27
CVE-2024-38308
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output.
CVSS Score
8.7
EPSS Score
0.003
Published
2024-09-27
CVE-2023-5642
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
CVSS Score
9.8
EPSS Score
0.167
Published
2023-10-18
CVE-2023-4215
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-10-17
CVE-2023-4203
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
CVSS Score
9.0
EPSS Score
0.009
Published
2023-08-08
CVE-2023-4202
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
CVSS Score
9.0
EPSS Score
0.008
Published
2023-08-08
CVE-2023-1437
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
CVSS Score
9.8
EPSS Score
0.028
Published
2023-08-02
CVE-2023-3983
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
CVSS Score
8.8
EPSS Score
0.151
Published
2023-07-31
CVE-2023-2611
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-06-22
CVE-2023-3256
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-06-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved