There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.
Max CVSS
6.4
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-22
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.
Max CVSS
9.8
EPSS Score
0.17%
Published
2023-06-06
Updated
2023-06-12
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files), inject code into an XLS file, and modify the file extension, which could lead to arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.08%
Published
2023-06-06
Updated
2023-06-12
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
Max CVSS
7.2
EPSS Score
0.08%
Published
2023-06-06
Updated
2023-06-12
Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information.
Max CVSS
9.8
EPSS Score
0.89%
Published
2023-10-18
Updated
2023-10-25
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-10-17
Updated
2023-10-20
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.
Max CVSS
9.0
EPSS Score
0.05%
Published
2023-08-08
Updated
2023-08-14
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.
Max CVSS
9.0
EPSS Score
0.05%
Published
2023-08-08
Updated
2023-08-14
An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.
Max CVSS
8.8
EPSS Score
0.08%
Published
2023-07-31
Updated
2023-08-04
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
Max CVSS
8.8
EPSS Score
0.18%
Published
2023-06-22
Updated
2023-06-28
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-06-07
Updated
2023-06-15
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
Max CVSS
9.8
EPSS Score
0.24%
Published
2023-06-22
Updated
2023-06-28
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
Max CVSS
8.8
EPSS Score
0.15%
Published
2023-05-08
Updated
2023-05-12
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.
Max CVSS
8.8
EPSS Score
0.38%
Published
2023-05-08
Updated
2023-05-12
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
Max CVSS
8.8
EPSS Score
0.38%
Published
2023-05-08
Updated
2023-05-12
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-02
Updated
2024-02-01
The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions.
Max CVSS
9.8
EPSS Score
0.19%
Published
2022-02-04
Updated
2022-02-09
Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files.
Max CVSS
6.5
EPSS Score
0.41%
Published
2022-10-27
Updated
2022-10-28
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution.
Max CVSS
9.8
EPSS Score
0.45%
Published
2022-10-27
Updated
2022-10-28
Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution.
Max CVSS
9.8
EPSS Score
0.45%
Published
2022-10-27
Updated
2022-10-28
An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password.
Max CVSS
7.5
EPSS Score
0.20%
Published
2022-09-27
Updated
2022-09-29

CVE-2022-2143

Public exploit
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
Max CVSS
9.8
EPSS Score
23.08%
Published
2022-07-22
Updated
2023-07-24
The affected product is vulnerable to a SQL injection with high attack complexity, which may allow an unauthorized attacker to disclose information.
Max CVSS
8.1
EPSS Score
0.20%
Published
2022-07-22
Updated
2022-07-28
The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code.
Max CVSS
9.8
EPSS Score
5.97%
Published
2022-07-22
Updated
2022-07-29
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition.
Max CVSS
8.2
EPSS Score
1.24%
Published
2022-07-22
Updated
2022-07-28
297 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!