CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34542 – Advantech ADAM-5630 Weak Encoding for Password
https://notcve.org/view.php?id=CVE-2024-34542
27 Sep 2024 — Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02 • CWE-261: Weak Encoding for Password •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28948 – Advantech ADAM-5630 Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-28948
27 Sep 2024 — Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39275 – Advantech ADAM-5630 Use of Persistent Cookies Containing Sensitive Information
https://notcve.org/view.php?id=CVE-2024-39275
27 Sep 2024 — Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02 • CWE-539: Use of Persistent Cookies Containing Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38308 – Advantech ADAM-5550 Cross-site Scripting
https://notcve.org/view.php?id=CVE-2024-38308
27 Sep 2024 — Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user. The device doesn't correctly neutralize malicious code when parsing HTTP requests to generate page output. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37187 – Advantech ADAM-5550 Weak Encoding for Password
https://notcve.org/view.php?id=CVE-2024-37187
27 Sep 2024 — Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01 • CWE-261: Weak Encoding for Password •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52335 – Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-52335
12 Jun 2024 — Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct... • https://www.advantech.com/zh-tw/support/details/firmware?id=1-HIPU-183 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2453 – Advantech WebAccess/SCADA SQL Injection
https://notcve.org/view.php?id=CVE-2024-2453
21 Mar 2024 — There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. Existe una vulnerabilidad de inyección SQL en el software Advantech WebAccess/SCADA que permite a un atacante autenticado inyectar código SQL de forma remota en la base de datos. La explotación exitosa de esta vulnerabilidad podría pe... • https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2023-5642 – Advantech R-SeeNet Unauthenticated Read/Write
https://notcve.org/view.php?id=CVE-2023-5642
18 Oct 2023 — Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information. Advantech R-SeeNet v2.4.23 permite a un atacante remoto no autenticado leer y escribir en el archivo snmpmon.ini, que contiene información confidencial. • https://tenable.com/security/research/tra-2023-33 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4215 – Advantech WebAccess Debug Messages Revealing Unnecessary Information
https://notcve.org/view.php?id=CVE-2023-4215
16 Oct 2023 — Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. Advantech WebAccess versión 9.1.3 contiene una exposición de información confidencial a una vulnerabilidad de un actor no autorizado que podría filtrar las credenciales del usuario. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 2CVE-2023-4203 – Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4203
08 Aug 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. Los dispositivos Advantech EKI-1524, EKI-1522, EKI-1521 hasta la versión 1.21 están afectados por una vulnerabilidad Cross-Site Scripting (XSS) Almacenado, que puede ser activada por usuarios autenticados en la herramienta ping de la interfaz web. Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521... • https://packetstorm.news/files/id/174153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •