Advantech System Integration services HW/SW

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks

CVE-2022-3387 5.3 - Medium - October 27, 2022

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.

Directory traversal

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow

CVE-2022-3386 9.8 - Critical - October 27, 2022

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.

Memory Corruption

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow

CVE-2022-3385 9.8 - Critical - October 27, 2022

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.

Memory Corruption

An SQL injection vulnerability in Advantech iView 5.7.04.6469

CVE-2022-3323 7.5 - High - September 27, 2022

An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.

SQL Injection

The affected product is vulnerable to a SQL injection with high attack complexity, which may

CVE-2022-2142 5.9 - Medium - July 22, 2022

The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.

SQL Injection

The affected product is vulnerable due to missing authentication, which may

CVE-2022-2138 7.5 - High - July 22, 2022

The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.

Missing Authentication for Critical Function

The affected product is vulnerable to two SQL injections

CVE-2022-2137 4.9 - Medium - July 22, 2022

The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information

SQL Injection

The affected product is vulnerable to multiple SQL injections

CVE-2022-2136 6.5 - Medium - July 22, 2022

The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information.

SQL Injection

The affected product is vulnerable to multiple SQL injections, which may

CVE-2022-2135 7.5 - High - July 22, 2022

The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information.

SQL Injection

The affected product is vulnerable to two instances of command injection, which may

CVE-2022-2143 9.8 - Critical - July 22, 2022

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

Command Injection

The affected product is vulnerable to directory traversal, which may

CVE-2022-2139 9.8 - Critical - July 22, 2022

The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.

Directory traversal

A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9

CVE-2021-40397 7.8 - High - January 28, 2022

A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Incorrect Default Permissions

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7

CVE-2021-40396 8.8 - High - January 28, 2022

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Incorrect Default Permissions

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2

CVE-2021-40389 8.8 - High - January 28, 2022

A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Incorrect Default Permissions

A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6

CVE-2021-40388 8.8 - High - January 28, 2022

A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.

Incorrect Default Permissions

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21926 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at health_filter parameter.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21937 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at host_alt_filter parameter. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21936 8.8 - High - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at health_alt_filter parameter. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21935 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at host_alt_filter2 parameter. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21934 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at imei_filter parameter. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21933 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at esn_filter parameter. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21932 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at name_filter parameter. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21931 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at stat_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21930 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at sn_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21929 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at prod_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21928 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at mac_filter parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21925 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at firm_filter parameter.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21924 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at desc_filter parameter.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21923 4.9 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at company_filter parameter with the administrative account or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21927 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at loc_filter parameter.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21922 6.5 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at username_filter parameter with the administrative account or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21921 4.9 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at name_filter parameter with the administrative account or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21920 4.9 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at surname_filter parameter with the administrative account or through cross-site request forgery.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21919 4.9 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.

SQL Injection

A specially-crafted HTTP request can lead to SQL injection

CVE-2021-21918 4.9 - Medium - December 22, 2021

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at name_filter parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.

SQL Injection

An exploitable SQL injection vulnerability exist in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021)

CVE-2021-21917 8.8 - High - December 22, 2021

An exploitable SQL injection vulnerability exist in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'ord parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

An exploitable SQL injection vulnerability exist in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021)

CVE-2021-21916 8.8 - High - December 22, 2021

An exploitable SQL injection vulnerability exist in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

An exploitable SQL injection vulnerability exist in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021)

CVE-2021-21915 8.8 - High - December 22, 2021

An exploitable SQL injection vulnerability exist in the group_list page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at company_filter parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.

SQL Injection

This vulnerability could

CVE-2021-42703 6.1 - Medium - November 15, 2021

This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the users cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.

XSS

This vulnerability could

CVE-2021-42706 7.8 - High - November 15, 2021

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer

Dangling pointer

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may

CVE-2021-32951 5.3 - Medium - October 27, 2021

WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.

authentification

Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may

CVE-2021-38389 9.8 - Critical - October 18, 2021

Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

Memory Corruption

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may

CVE-2021-33023 9.8 - Critical - October 18, 2021

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

Memory Corruption

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths

CVE-2021-38431 4.3 - Medium - October 15, 2021

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

AuthZ

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may

CVE-2021-38408 9.8 - Critical - September 09, 2021

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

Stack Overflow

The affected product is vulnerable to a stack-based buffer overflow, which may

CVE-2021-32943 9.8 - Critical - August 10, 2021

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

Memory Corruption

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could

CVE-2021-22676 6.1 - Medium - August 10, 2021

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

XSS

The affected product is vulnerable to a relative path traversal condition, which may

CVE-2021-22674 6.5 - Medium - August 10, 2021

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

Directory traversal

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)

CVE-2021-21805 9.8 - Critical - August 05, 2021

An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.

Shell injection

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications

CVE-2021-21803 6.1 - Medium - July 16, 2021

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.

XSS

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications

CVE-2021-21802 6.1 - Medium - July 16, 2021

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.

XSS

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications

CVE-2021-21801 6.1 - Medium - July 16, 2021

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.

XSS

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)

CVE-2021-21804 9.8 - Critical - July 16, 2021

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.

Inclusion of Functionality from Untrusted Control Sphere

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)

CVE-2021-21800 6.1 - Medium - July 16, 2021

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted users browser. An attacker can provide a crafted URL to trigger this vulnerability.

XSS

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020)

CVE-2021-21799 6.1 - Medium - July 16, 2021

Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted users browser. An attacker can provide a crafted URL to trigger this vulnerability.

XSS

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may

CVE-2021-33004 7.8 - High - June 24, 2021

The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

Memory Corruption

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code

CVE-2021-33002 7.8 - High - June 24, 2021

Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

Memory Corruption

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may

CVE-2021-33000 7.8 - High - June 24, 2021

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).

Memory Corruption

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL

CVE-2021-32956 6.1 - Medium - June 18, 2021

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.

Open Redirect

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may

CVE-2021-32954 6.5 - Medium - June 18, 2021

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.

Directory traversal

The affected product is vulnerable to a SQL injection, which may

CVE-2021-32932 7.5 - High - June 11, 2021

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182).

SQL Injection

The affected products configuration is vulnerable due to missing authentication, which may

CVE-2021-32930 9.8 - Critical - June 11, 2021

The affected products configuration is vulnerable due to missing authentication, which may allow an attacker to change configurations and execute arbitrary code on the iView (versions prior to v5.7.03.6182).

Missing Authentication for Critical Function

Advantech WebAccess 8.4.2 and 8.4.4

CVE-2021-34540 6.1 - Medium - June 11, 2021

Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.

XSS

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard

CVE-2021-27437 9.1 - Critical - May 07, 2021

The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. The system contains a hard-coded administrator username and password that can be used to query Grafana APIs. Authentication is not required for exploitation on the WISE-PaaS/RMM (versions prior to 9.0.1).

Use of Hard-coded Credentials

Incorrect permissions are set to default on the Project Management page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may

CVE-2021-22669 8.8 - High - April 26, 2021

Incorrect permissions are set to default on the Project Management page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrators password and login as an administrator to escalate privileges on the system.

Incorrect Permission Assignment for Critical Resource

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may

CVE-2021-27436 6.1 - Medium - March 18, 2021

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the users cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.

XSS

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation

CVE-2020-13554 7.8 - High - March 03, 2021

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Incorrect Default Permissions

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may

CVE-2020-25161 8.8 - High - February 23, 2021

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.

Externally Controlled Reference to a Resource in Another Sphere

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation

CVE-2020-13555 8.8 - High - February 17, 2021

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Incorrect Default Permissions

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation

CVE-2020-13553 8.8 - High - February 17, 2021

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Incorrect Default Permissions

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation

CVE-2020-13552 8.8 - High - February 17, 2021

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Incorrect Default Permissions

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation

CVE-2020-13551 8.8 - High - February 17, 2021

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.

Incorrect Default Permissions

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1

CVE-2020-13550 7.7 - High - February 17, 2021

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.

Directory traversal

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may

CVE-2021-22652 9.8 - Critical - February 11, 2021

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.

Missing Authentication for Critical Function

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may

CVE-2021-22654 7.5 - High - February 11, 2021

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information.

SQL Injection

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may

CVE-2021-22656 7.5 - High - February 11, 2021

Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allow an attacker to read sensitive files.

Directory traversal

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may

CVE-2021-22658 9.8 - Critical - February 11, 2021

Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'.

SQL Injection

The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which

CVE-2020-25157 7.5 - High - October 20, 2020

The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.

SQL Injection

WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may

CVE-2020-16202 7.8 - High - September 22, 2020

WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.

Incorrect Permission Assignment for Critical Resource

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior

CVE-2020-16215 7.8 - High - August 06, 2020

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Improper Input Validation

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior

CVE-2020-16229 7.8 - High - August 06, 2020

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Object Type Confusion

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior

CVE-2020-16217 7.8 - High - August 06, 2020

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Double-free

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior

CVE-2020-16213 7.8 - High - August 06, 2020

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Memory Corruption

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior

CVE-2020-16211 5.5 - Medium - August 06, 2020

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.

Out-of-bounds Read

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior

CVE-2020-16207 7.8 - High - August 06, 2020

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Memory Corruption

Advantech iView, versions 5.6 and prior, has an improper access control vulnerability

CVE-2020-14499 7.5 - High - July 15, 2020

Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials.

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may

CVE-2020-12019 9.8 - Critical - June 15, 2020

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

Memory Corruption

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-10638 9.8 - Critical - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

Memory Corruption

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-12002 9.8 - Critical - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

Memory Corruption

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-12006 9.8 - Critical - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the applications control.

Directory traversal

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-12010 7.1 - High - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the applications control.

Directory traversal

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-12014 7.5 - High - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands.

SQL Injection

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-12018 7.5 - High - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data.

Out-of-bounds Read

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-12022 9.8 - Critical - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed.

out-of-bounds array index

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0

CVE-2020-12026 8.8 - High - May 08, 2020

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the applications control.

Directory traversal

WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may

CVE-2020-10603 8.8 - High - April 09, 2020

WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.

Shell injection

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.

CVE-2020-10617 7.5 - High - April 09, 2020

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.

SQL Injection

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CVE-2020-10619 9.1 - Critical - April 09, 2020

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

Directory traversal

Multiple vulnerabilities could

CVE-2020-10623 6.5 - Medium - April 09, 2020

Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.

SQL Injection

WebAccess/NMS (versions prior to 3.0.2)

CVE-2020-10625 9.8 - Critical - April 09, 2020

WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.

Missing Authentication for Critical Function