Advantech CVE Vulnerabilities & CVE List (378)

Products (CPE): — CVEs: 378

Advantech vulnerability overview

Aggregates CVE and security vulnerability intelligence across all Advantech-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve SQL injection, path handling and related problems; some flaws may lead to memory corruption, affecting production workloads.

Vulnerability distribution trend (last 24 months)

Showing 21–40 of 378 CVEs
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-59171 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. | [email protected] | 8.7 | 0.62% | 2025-11-06 | 2026-06-17 |
| CVE-2025-58423 | Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account. | [email protected] | 8.7 | 0.46% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34247 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.1 | 0.26% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34246 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34245 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34244 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34243 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34242 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 8.6 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34241 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 5.3 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34240 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information. | [email protected] | 8.6 | 0.25% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34239 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a command injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated system administrator to execute arbitrary commands as the web server user (www-data) by supplying a crafted uploaded filename. | [email protected] | 8.6 | 1.58% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34238 | Advantech WebAccess/VPN versions prior to 1.1.5 contain an absolute path traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() that allows an authenticated network administrator to cause the application to read and return the contents of arbitrary files the web user (www-data) can access. | [email protected] | 6.9 | 0.33% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34237 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | [email protected] | 6.3 | 0.17% | 2025-11-06 | 2026-06-17 |
| CVE-2025-34236 | Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | [email protected] | 6.2 | 0.17% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50595 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_search_value’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | [email protected] | 9.3 | 0.57% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50594 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘data’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords. | [email protected] | 8.8 | 0.41% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50593 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘search_term’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | [email protected] | 9.3 | 0.62% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50592 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for remote code execution with administrator privileges. | [email protected] | 9.3 | 0.57% | 2025-11-06 | 2026-06-17 |
| CVE-2022-50591 | Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to the ‘NetworkServlet’ endpoint. Successful exploitation allows for the exfiltration of user data, including clear text passwords. | [email protected] | 8.8 | 0.46% | 2025-11-06 | 2026-06-17 |
| CVE-2025-53519 | A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. | [email protected] | 5.1 | 0.19% | 2025-07-10 | 2026-06-17 |
cvelogic Threat Intelligence