Advantech Security Vulnerabilities (CVEs)
Track 100 security vulnerabilities affecting Advantech products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This critical SQL injection vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on internet-exposed services. Successful ...
Jan 12, 2026Advantech WebAccess/SCADA is vulnerable to directory traversal (CWE-22), allowing attackers to check if arbitrary files exist on the system. This affe...
Dec 18, 2025Advantech WebAccess/SCADA is vulnerable to SQL injection, allowing attackers to execute arbitrary SQL commands on the database. This affects industria...
Dec 18, 2025Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, allowing attackers to determine if arbitrary files exist on the system. This ...
Dec 18, 2025Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, allowing attackers to upload malicious files to the server. This can lead to remo...
Dec 18, 2025Advantech WebAccess/SCADA is vulnerable to directory traversal that allows attackers to delete arbitrary files on the system. This affects industrial ...
Dec 18, 2025Advantech WISE-DeviceOn Server versions before 5.4 contain a stored cross-site scripting vulnerability in the dashboard menu configuration endpoint. A...
Dec 5, 2025Advantech WISE-DeviceOn Server versions before 5.4 contain a stored cross-site scripting vulnerability in the Software Watchdog interface. Authenticat...
Dec 5, 2025This stored XSS vulnerability in Advantech WISE-DeviceOn Server allows authenticated attackers to inject malicious scripts into rule engine fields. Wh...
Dec 5, 2025This is an authenticated stored cross-site scripting (XSS) vulnerability in Advantech WISE-DeviceOn Server. An authenticated attacker can inject malic...
Dec 5, 2025This vulnerability allows remote unauthenticated attackers to forge JWT tokens using a hard-coded cryptographic key present in all Advantech WISE-Devi...
Dec 5, 2025This stored XSS vulnerability in Advantech WISE-DeviceOn Server allows authenticated attackers to inject malicious scripts into task names that execut...
Dec 5, 2025This stored XSS vulnerability in Advantech WISE-DeviceOn Server allows authenticated attackers to inject malicious scripts into map area names. When o...
Dec 5, 2025This stored XSS vulnerability in Advantech WISE-DeviceOn Server allows authenticated attackers to inject malicious scripts into map entry names. When ...
Dec 5, 2025Advantech WISE-DeviceOn Server versions before 5.4 contain a stored cross-site scripting vulnerability in the schedule management endpoint. Authentica...
Dec 5, 2025This stored XSS vulnerability in Advantech WISE-DeviceOn Server allows authenticated attackers to inject malicious scripts into device group names and...
Dec 5, 2025This stored XSS vulnerability in Advantech WISE-DeviceOn Server allows authenticated attackers to inject malicious scripts into device names. When oth...
Dec 5, 2025A heap corruption vulnerability in the Advantech TP-3250 printer driver allows attackers with local access to cause application crashes or potentially...
Nov 14, 2025This CVE describes a cross-site scripting (XSS) vulnerability in dashboard components where insufficient input sanitization allows attackers to inject...
Nov 6, 2025This vulnerability allows attackers to upload malicious configuration files to vulnerable systems, potentially causing denial-of-service, directory tr...
Nov 6, 2025This vulnerability allows attackers to upload malicious configuration files that bypass directory traversal protections, leading to remote code execut...
Nov 6, 2025This vulnerability allows attackers to upload malicious configuration files that bypass directory traversal protections, leading to remote code execut...
Nov 6, 2025Advantech WebAccess/VPN versions before 1.1.5 contain a SQL injection vulnerability in the NetworksController.addNetworkAction() function. Authenticat...
Nov 6, 2025Advantech WebAccess/VPN versions before 1.1.5 contain a SQL injection vulnerability in the AjaxDeviceController.ajaxDeviceAction() function. Authentic...
Nov 6, 2025Advantech WebAccess/VPN versions before 1.1.5 contain a SQL injection vulnerability in the AjaxNetworkController.ajaxAction() function. Authenticated ...
Nov 6, 2025Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in the AjaxFwRulesController.ajaxNetworkFwRulesAction() function...
Nov 6, 2025This SQL injection vulnerability in Advantech WebAccess/VPN allows authenticated low-privileged users to inject malicious SQL queries through datatabl...
Nov 6, 2025This SQL injection vulnerability in Advantech WebAccess/VPN allows authenticated low-privileged users to inject malicious SQL queries through datatabl...
Nov 6, 2025Advantech WebAccess/VPN versions before 1.1.5 contain a SQL injection vulnerability in the AjaxPrevalidationController.ajaxAction() function. Authenti...
Nov 6, 2025Advantech WebAccess/VPN versions before 1.1.5 contain a stored cross-site scripting vulnerability in the NetworksController.addNetworkAction() functio...
Nov 6, 2025Advantech WebAccess/VPN versions before 1.1.5 contain a stored cross-site scripting vulnerability in the StandaloneVpnClientsController.addStandaloneV...
Nov 6, 2025This vulnerability allows authenticated network administrators in Advantech WebAccess/VPN to read arbitrary files accessible to the web user (www-data...
Nov 6, 2025This vulnerability allows authenticated system administrators in Advantech WebAccess/VPN to execute arbitrary commands on the server by uploading spec...
Nov 6, 2025Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in the AppManagementController.appUpgradeAction() function. Auth...
Nov 6, 2025This vulnerability allows remote attackers to bypass authentication and execute SQL injection via the 'ztp_search_value' parameter in Advantech iView'...
Nov 6, 2025This vulnerability allows remote attackers to bypass authentication and execute SQL injection attacks on Advantech iView systems. Attackers can exfilt...
Nov 6, 2025This vulnerability allows remote attackers to bypass authentication and execute SQL injection against Advantech iView's SNMP management tool. Successf...
Nov 6, 2025This vulnerability allows remote attackers to bypass authentication and execute SQL injection via the SNMP management tool in Advantech iView, leading...
Nov 6, 2025This vulnerability allows remote attackers to bypass authentication and execute SQL injection attacks on Advantech iView systems. Attackers can exfilt...
Nov 6, 2025This vulnerability in Advantech iView allows authenticated attackers with user-level privileges to perform SQL injection through the NetworkServlet.ar...
Jul 11, 2025This vulnerability in Advantech iView allows authenticated attackers with user-level privileges to perform SQL injection through the NetworkServlet.ge...
Jul 11, 2025This vulnerability in Advantech iView allows authenticated attackers with user-level privileges to perform SQL injection through NetworkServlet.archiv...
Jul 11, 2025An SQL injection vulnerability in Advantech iView's CUtils.checkSQLInjection() function allows authenticated attackers to execute arbitrary SQL comman...
Jul 11, 2025A reflected cross-site scripting (XSS) vulnerability in Advantech iView allows attackers to inject malicious scripts via manipulated input parameters....
Jul 11, 2025This vulnerability allows unauthenticated remote attackers to send malicious Modbus TCP packets to manipulate Digital Outputs on affected devices. Att...
Jun 24, 2025This vulnerability allows attackers with physical access to a device's JTAG interface to inject or modify firmware. It affects embedded systems and Io...
Jun 24, 2025This vulnerability allows unauthenticated attackers to upload malicious firmware through a public update page. This could lead to backdoor installatio...
Jun 24, 2025This vulnerability allows unauthenticated attackers to guess predictable session cookies and take over accounts. Attackers could gain administrative o...
Jun 24, 2025This cross-site scripting (XSS) vulnerability affects Advantech industrial wireless access points. Attackers can exploit it by creating a malicious Wi...
Nov 26, 2024This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands with root privileges on affected Advantech w...
Nov 26, 2024Why Monitor Advantech Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 100+ known vulnerabilities affecting Advantech products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Advantech packages in under 60 seconds. No agents required - completely agentless scanning that works across Advantech deployments.
Free vulnerability database: Access detailed information about every Advantech CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Advantech CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
