CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Advantech ADAM-5550 shares user credentials with a low level of encryption, consisting of Base64 encoding. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 • CWE-261: Weak Encoding for Password •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 https://www.zerodayinitiative.com/advisories/ZDI-24-610 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. • https://tenable.com/security/research/tra-2023-33 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •