Known Vulnerabilities for products from Advantech
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Advantech".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Advantech can be found at device.report : Advantech
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-22987 | The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve ... | 9.8 - CRITICAL | 2022-02-04 | 2022-02-09 |
| CVE-2021-42706 | This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of We... | 7.8 - HIGH | 2021-11-15 | 2021-11-17 |
| CVE-2021-42703 | This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/se... | 6.1 - MEDIUM | 2021-11-15 | 2021-11-16 |
| CVE-2021-40397 | A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted ... | 7.8 - HIGH | 2022-01-28 | 2022-07-30 |
| CVE-2021-40396 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted fil... | 8.8 - HIGH | 2022-01-28 | 2022-05-31 |
| CVE-2021-40389 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted... | 8.8 - HIGH | 2022-01-28 | 2022-05-31 |
| CVE-2021-40388 | A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in... | 8.8 - HIGH | 2022-01-28 | 2022-05-31 |
| CVE-2021-38431 | An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project n... | 4.3 - MEDIUM | 2021-10-15 | 2021-10-20 |
| CVE-2021-38408 | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validat... | 9.8 - CRITICAL | 2021-09-09 | 2021-09-20 |
| CVE-2021-38389 | Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to r... | 9.8 - CRITICAL | 2021-10-18 | 2021-10-20 |
| CVE-2021-34540 | Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | 6.1 - MEDIUM | 2021-06-11 | 2021-06-21 |
| CVE-2021-33023 | Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to re... | 9.8 - CRITICAL | 2021-10-18 | 2021-10-20 |
| CVE-2021-33004 | The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, wh... | 7.8 - HIGH | 2021-06-24 | 2022-07-02 |
| CVE-2021-33002 | Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary... | 7.8 - HIGH | 2021-06-24 | 2021-07-01 |
| CVE-2021-33000 | Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arb... | 7.8 - HIGH | 2021-06-24 | 2021-07-01 |
| CVE-2021-32956 | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a malici... | 6.1 - MEDIUM | 2021-06-18 | 2021-06-24 |
| CVE-2021-32954 | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to rem... | 6.5 - MEDIUM | 2021-06-18 | 2022-07-02 |
| CVE-2021-32951 | WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized... | 5.3 - MEDIUM | 2021-10-27 | 2021-10-29 |
| CVE-2021-32943 | The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrar... | 9.8 - CRITICAL | 2021-08-10 | 2021-08-17 |
| CVE-2021-32932 | The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on th... | 7.5 - HIGH | 2021-06-11 | 2021-06-21 |
Known software with vulnerabilities from Advantech
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Advantech | Adamview | 4.3 |
| Application | Advantech | Advantech Webaccess | 5.0 |
| Application | Advantech | Diaganywhere | - |
| Operating System | Advantech | Eki-122x Series Firmware | 1.49 |
| Hardware | Advantech | Eki-1321 | - |
| Operating System | Advantech | Eki-1321 Series Firmware | 1.96 |
| Hardware | Advantech | Eki-1322 | - |
| Operating System | Advantech | Eki-1322 Series Firmware | 1.96 |
| Hardware | Advantech | Eki-1361 | - |
| Operating System | Advantech | Eki-1361 Series Firmware | 1.17 |
| Hardware | Advantech | Eki-1362 | - |
| Operating System | Advantech | Eki-1362 Series Firmware | 1.17 |
| Application | Advantech | Iview | 5.6 |
| Application | Advantech | R-seenet | 1.5.1 |
| Application | Advantech | Susiaccess | 3.0 |
| Hardware | Advantech | Vesp211-232 | - |
| Operating System | Advantech | Vesp211-232 Firmware | 1.5.1 |
| Hardware | Advantech | Vesp211-eu | - |
| Operating System | Advantech | Vesp211-eu Firmware | 1.7.2 |
| Application | Advantech | Webaccess | 6.0 |