CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-2136 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2136
30 Jun 2022 — The affected product is vulnerable to multiple SQL injections that require low privileges for exploitation and may allow an unauthorized attacker to disclose information. El producto afectado es vulnerable a múltiples inyecciones SQL que requieren privilegios bajos para su explotación y pueden permitir a un atacante no autorizado divulgar información This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Although authentication is required to explo... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 72%CPEs: 1EXPL: 2CVE-2022-2143 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2143
30 Jun 2022 — The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. El producto afectado es vulnerable a dos instancias de inyección de comandos, que pueden permitir a un atacante ejecutar remotamente código arbitrario This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkSer... • https://packetstorm.news/files/id/168108 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2022-2139 – Advantech iView
https://notcve.org/view.php?id=CVE-2022-2139
30 Jun 2022 — The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. El producto afectado es vulnerable a un salto de directorio, que puede permitir a un atacante acceder a archivos no autorizados y ejecutar código arbitrario This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Although authentication is required to exploit this vulnerability, the existing authenti... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22987 – Advantech ADAM-3600
https://notcve.org/view.php?id=CVE-2022-22987
04 Feb 2022 — The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. El producto afectado presenta una clave privada embebida dentro de la carpeta del proyecto, que puede permitir a un atacante lograr el inicio de sesión en el servidor web y llevar a cabo otras acciones • https://www.cisa.gov/uscert/ics/advisories/icsa-22-032-02 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40397
https://notcve.org/view.php?id=CVE-2021-40397
28 Jan 2022 — A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en la instalación de Advantech WISE-PaaS/OTA Server versión 3.0.9. Un archivo especialmente diseñado puede ser reemplazado en el sistema para escalar privilegios a la autorida... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1409 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40396
https://notcve.org/view.php?id=CVE-2021-40396
28 Jan 2022 — A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en la instalación de Advantech DeviceOn/iService versión 1.1.7. Un archivo especialmente diseñado puede ser reemplazado en el sistema para escalar privilegios a la autoridad de N... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1408 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40389
https://notcve.org/view.php?id=CVE-2021-40389
28 Jan 2022 — A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en la instalación de Advantech DeviceOn/iEdge Server versión 1.0.2. Un archivo especialmente diseñado puede ser reemplazado en el sistema para escalar privilegios a la autori... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1400 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40388
https://notcve.org/view.php?id=CVE-2021-40388
28 Jan 2022 — A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en Advantech SQ Manager Server versión 1.0.6. Un archivo especialmente diseñado puede ser reemplazado en el sistema para escalar privilegios a la autoridad de NT SYSTEM. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1399 • CWE-276: Incorrect Default Permissions •
CVSS: 7.7EPSS: 1%CPEs: 1EXPL: 1CVE-2021-21937
https://notcve.org/view.php?id=CVE-2021-21937
22 Dec 2021 — A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. Un atacante puede realizar peticiones HTTP autenticadas para desencadenar esta vulnerabilidad en el parámetro "host_alt_filter". • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-21936
https://notcve.org/view.php?id=CVE-2021-21936
22 Dec 2021 — A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. Una petición HTTP especialmente diseñada puede conllevar a una inyección SQL. Un atacante puede realizar peticiones HTTP autenticadas para desencadenar esta vulnerabilidad en el parámetro "health_alt_filter". • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •