CVSS: 9.0EPSS: 1%CPEs: 6EXPL: 3CVE-2023-2574 – Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2023-2574
08 May 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulnerabilities. • https://packetstorm.news/files/id/172307 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 2%CPEs: 6EXPL: 3CVE-2023-2575 – Authenticated Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-2575
08 May 2023 — Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. Advantech EKI-1524-CE series, EKI-1522 series, and EKI-1521 series suffer from command injection and buffer overflow vulne... • https://packetstorm.news/files/id/172307 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2022-3385 – Advantech R-SeeNet show_code Endpoint Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3385
21 Oct 2022 — Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can remotely overflow the stack buffer and enable remote code execution. Las versiones 2.4.17 y anteriores de Advantech R-SeeNet son vulnerables a un Desbordamiento del Búfer. Un atacante no autorizado puede desbordar el Búfer de forma remota y permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2022-3386 – Advantech R-SeeNet out Endpoint Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3386
21 Oct 2022 — Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution. Las versiones 2.4.17 y anteriores de Advantech R-SeeNet son vulnerables a un Desbordamiento del Búfer. Un atacante no autorizado puede utilizar un nombre de archivo de gran tamaño para Desbordamiento del Búfer y permitir la ejecución remota de código. This vulnerability allows remote attackers to exe... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 4%CPEs: 1EXPL: 0CVE-2022-3387 – Advantech R-SeeNet out.php Directory Traversal Arbitrary File Read and Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2022-3387
21 Oct 2022 — Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files. Las versiones 2.4.19 y anteriores de Advantech R-SeeNet son vulnerables a ataques de Path Traversal. Un atacante no autorizado podría explotar de forma remota un código PHP vulnerable para eliminar archivos .PDF. This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected instal... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-291-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3323
https://notcve.org/view.php?id=CVE-2022-3323
27 Sep 2022 — An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. Una vulnerabilidad de inyección SQL en Adva... • https://www.tenable.com/security/research/tra-2022-32 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2135 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2135
30 Jun 2022 — The affected product is vulnerable to multiple SQL injections, which may allow an unauthorized attacker to disclose information. El producto afectado es vulnerable a múltiples inyecciones SQL que pueden permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet endpoint, which listens... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2136 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2136
30 Jun 2022 — The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. El producto afectado es vulnerable a múltiples inyecciones SQL que requieren privilegios bajos para su explotación y pueden permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to explo... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2137 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2137
30 Jun 2022 — The affected product is vulnerable to two SQL injections that require high privileges for exploitation and may allow an unauthorized attacker to disclose information El producto afectado es vulnerable a dos inyecciones SQL que requieren altos privilegios para su explotación y pueden permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2138 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2138
30 Jun 2022 — The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition. El producto afectado es vulnerable debido a la falta de autenticación, lo que puede permitir a un atacante leer o modificar datos confidenciales y ejecutar código arbitrario, resultando en una condición de denegación de servicio This vulnerability allows remote attackers to create a denial-of-service condition o... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-306: Missing Authentication for Critical Function •