Filtered by vendor Advantech
Subscribe
Total
351 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0770 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | 7.5 HIGH | N/A |
| By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | |||||
| CVE-2014-0768 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | 7.5 HIGH | N/A |
| An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code. | |||||
| CVE-2014-0767 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | 7.5 HIGH | N/A |
| An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely. | |||||
| CVE-2014-0766 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | 7.5 HIGH | N/A |
| An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code. | |||||
| CVE-2014-0765 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | 7.5 HIGH | N/A |
| To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely. | |||||
| CVE-2014-0764 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | 7.5 HIGH | N/A |
| By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | |||||
| CVE-2014-0763 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | 7.5 HIGH | N/A |
| An attacker using SQL injection may use arguments to construct queries without proper sanitization. The DBVisitor.dll is exposed through SOAP interfaces, and the exposed functions are vulnerable to SOAP injection. This may allow unexpected SQL action and access to records in the table of the software database or execution of arbitrary code. | |||||
| CVE-2025-53397 | 1 Advantech | 1 Iview | 2025-08-01 | N/A | 5.4 MEDIUM |
| A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. | |||||
| CVE-2025-53509 | 1 Advantech | 1 Iview | 2025-08-01 | N/A | 6.5 MEDIUM |
| A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter can be used directly in a command without proper sanitization, allowing arbitrary arguments to be injected. This can result in information disclosure, including sensitive database credentials. | |||||
| CVE-2025-53515 | 1 Advantech | 1 Iview | 2025-08-01 | N/A | 8.8 HIGH |
| A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. | |||||
| CVE-2025-41442 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | 5.4 MEDIUM |
| A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. | |||||
| CVE-2025-46704 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | 4.3 MEDIUM |
| A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary files on the server. | |||||
| CVE-2025-48891 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | 7.6 HIGH |
| A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure or a denial-of-service condition. | |||||
| CVE-2025-52577 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | 8.8 HIGH |
| A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. | |||||
| CVE-2025-53519 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | 5.4 MEDIUM |
| A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. | |||||
| CVE-2025-53475 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | 8.8 HIGH |
| A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. | |||||
| CVE-2025-48466 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 8.1 HIGH |
| Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which may lead to operational or safety risks. | |||||
| CVE-2025-48470 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 4.1 MEDIUM |
| Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to session hijacking, defacement, credential theft, or privilege escalation. | |||||
| CVE-2025-48469 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 9.6 CRITICAL |
| Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation. | |||||
| CVE-2025-48468 | 1 Advantech | 6 Wise-4010lan, Wise-4010lan Firmware, Wise-4050lan and 3 more | 2025-07-09 | N/A | 6.4 MEDIUM |
| Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware. | |||||