Advantech Security Vulnerabilities (CVEs)

Track 97 security vulnerabilities affecting Advantech products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

22 Critical

45 High

30 Medium

Sort by:

🔔 Get Alerts for Advantech

CVE-2024-50372 9.8

This vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands with root privileges on affected Advantech w...

Nov 26, 2024

CVE-2024-50369 7.2

This OS command injection vulnerability in Advantech EKI-6333 series industrial wireless access points allows attackers to execute arbitrary commands ...

Nov 26, 2024

CVE-2024-50370 9.8

This is a critical OS command injection vulnerability in Advantech wireless access points that allows remote unauthenticated attackers to execute arbi...

Nov 26, 2024

CVE-2024-50367 7.2

This OS command injection vulnerability in Advantech EKI-6333 series industrial switches allows attackers to execute arbitrary commands on affected de...

Nov 26, 2024

CVE-2024-50365 7.2

This OS command injection vulnerability in Advantech EKI-6333 series industrial switches allows attackers to execute arbitrary commands on affected de...

Nov 26, 2024

CVE-2024-50363 7.2

This OS command injection vulnerability in Advantech EKI-6333 series industrial switches allows attackers to execute arbitrary commands on affected de...

Nov 26, 2024

CVE-2024-50361 7.2

This OS command injection vulnerability in Advantech EKI-6333 series industrial switches allows attackers to execute arbitrary commands on affected de...

Nov 26, 2024

CVE-2024-50359 7.2

This OS command injection vulnerability in Advantech EKI series industrial switches allows attackers to execute arbitrary commands on affected devices...

Nov 26, 2024

CVE-2023-52335 7.5

This SQL injection vulnerability in Advantech iView's ConfigurationServlet allows unauthenticated remote attackers to extract sensitive information li...

Nov 22, 2024

CVE-2024-28948 8.0

Advantech ADAM-5630 industrial controllers contain a CSRF vulnerability that allows attackers to trick authenticated users into performing unauthorize...

Sep 27, 2024

CVE-2024-37187 5.7

Advantech ADAM-5550 industrial controllers store and transmit user credentials using only base64 encoding, which provides no meaningful encryption. Th...

Sep 27, 2024

CVE-2024-38308 8.8

CVE-2024-38308 is a cross-site scripting (XSS) vulnerability in Advantech ADAM 5550's web application logs page that allows attackers to inject malici...

Sep 27, 2024

CVE-2023-5642 9.8

This vulnerability allows unauthenticated remote attackers to read and write to the snmpmon.ini configuration file in Advantech R-SeeNet software. Att...

Oct 18, 2023

CVE-2023-4203 9.0

This stored cross-site scripting (XSS) vulnerability in Advantech EKI-1524, EKI-1522, and EKI-1521 devices allows authenticated attackers to inject ma...

Aug 8, 2023

CVE-2023-1437 9.8

This vulnerability in Advantech WebAccess/SCADA allows attackers to send malicious RPC arguments containing raw memory pointers that the server uses w...

Aug 2, 2023

CVE-2023-3983 8.8

An authenticated SQL injection vulnerability in Advantech iView allows authenticated attackers to bypass SQL injection checks and perform blind SQL in...

Jul 31, 2023

CVE-2023-3256 8.8

CVE-2023-3256 is a local file inclusion vulnerability in Advantech R-SeeNet versions 2.4.22 that allows low-privileged users to access and load local ...

Jun 22, 2023

CVE-2023-2866 7.3

This vulnerability in Advantech WebAccess allows authenticated attackers to upload malicious .zip files that can deploy web shells, potentially granti...

Jun 7, 2023

CVE-2023-32540 7.2

This vulnerability in Advantech WebAccess/SCADA allows attackers to overwrite any file on the operating system, potentially leading to arbitrary code ...

Jun 6, 2023

CVE-2023-2573 8.8

This vulnerability allows authenticated users to execute arbitrary commands on Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches by injec...

May 8, 2023

CVE-2023-2575 8.8

This CVE describes a stack-based buffer overflow vulnerability in Advantech EKI-15XX series industrial switches. Authenticated users can exploit it vi...

May 8, 2023

CVE-2022-2135 7.5

CVE-2022-2135 is a SQL injection vulnerability in industrial control systems that allows unauthorized attackers to extract sensitive database informat...

Jul 22, 2022

CVE-2022-2138 8.2

This vulnerability allows attackers to bypass authentication in affected products, potentially enabling them to read or modify sensitive data, execute...

Jul 22, 2022

CVE-2022-2142 8.1

This SQL injection vulnerability in industrial control systems allows unauthorized attackers to extract sensitive database information through crafted...

Jul 22, 2022

CVE-2022-2143 9.8

CVE-2022-2143 is a critical command injection vulnerability in Advantech iView NetworkServlet that allows remote attackers to execute arbitrary code o...

Jul 22, 2022

CVE-2022-22987 9.8

This vulnerability involves a hardcoded private key in the project folder, allowing attackers to gain unauthorized web server login and potentially pe...

Feb 4, 2022

CVE-2021-40388 8.8

This vulnerability allows local attackers to escalate privileges to SYSTEM authority on Windows systems running Advantech SQ Manager Server 1.0.6 by r...

Jan 28, 2022

CVE-2021-40396 8.8

This CVE describes a local privilege escalation vulnerability in Advantech DeviceOn/iService 1.1.7 where an attacker can replace system files with mal...

Jan 28, 2022

CVE-2021-21911 7.8

This vulnerability allows local attackers to escalate privileges to SYSTEM authority on Windows systems running Advantech R-SeeNet 2.4.15 by replacing...

Dec 22, 2021

CVE-2021-21915 8.8

An authenticated SQL injection vulnerability exists in Advantech R-SeeNet's group_list page via the company_filter parameter. This allows attackers to...

Dec 22, 2021

CVE-2021-21917 8.8

An authenticated SQL injection vulnerability exists in Advantech R-SeeNet's group_list page, allowing attackers to execute arbitrary SQL commands. Thi...

Dec 22, 2021

CVE-2021-21936 8.8

This SQL injection vulnerability allows authenticated users or attackers via CSRF to execute arbitrary SQL commands through the 'health_alt_filter' pa...

Dec 22, 2021

CVE-2021-42706 7.8

CVE-2021-42706 is a use-after-free vulnerability in Advantech WebAccess/MHI Designer that could allow remote attackers to execute arbitrary code or di...

Nov 15, 2021

CVE-2021-38389 9.8

This vulnerability allows remote attackers to execute arbitrary code on Advantech WebAccess systems by exploiting a stack-based buffer overflow. Attac...

Oct 18, 2021

CVE-2021-38408 9.8

A stack-based buffer overflow vulnerability in Advantech WebAccess allows remote attackers to execute arbitrary code by sending specially crafted data...

Sep 9, 2021

CVE-2021-32943 9.8

This vulnerability allows remote attackers to execute arbitrary code on Advantech WebAccess/SCADA systems via a stack-based buffer overflow. Attackers...

Aug 10, 2021

CVE-2021-21805 9.8

This CVE describes a critical OS command injection vulnerability in Advantech R-SeeNet's ping.php script that allows unauthenticated attackers to exec...

Aug 5, 2021

CVE-2021-21804 9.8

This CVE describes a local file inclusion vulnerability in Advantech R-SeeNet's options.php script that allows attackers to execute arbitrary PHP code...

Jul 16, 2021

CVE-2021-32932 7.5

This SQL injection vulnerability in Advantech iView allows attackers to execute arbitrary SQL commands on vulnerable systems. Unauthorized attackers c...

Jun 11, 2021

CVE-2021-22669 8.8

This vulnerability allows low-privileged users in Advantech WebAccess/SCADA to reset administrator passwords and gain full system control through priv...

Apr 26, 2021

CVE-2019-18231 7.5

This vulnerability in Advantech Spectre RT ERT351 routers allows attackers to intercept login credentials transmitted in clear text. Affected systems ...

Mar 17, 2021

CVE-2019-18235 9.8

This vulnerability in Advantech Spectre RT ERT351 routers allows attackers to bypass authentication through brute-force password attacks due to insuff...

Mar 17, 2021

CVE-2020-13554 7.8

This vulnerability allows local attackers to escalate privileges to NT SYSTEM level by exploiting insecure file permissions in Advantech WebAccess/SCA...

Mar 3, 2021

CVE-2021-22667 9.8

This vulnerability affects BB-ESWGP506-2SFP-T industrial switches with hard-coded credentials, allowing attackers to gain unauthorized access and exec...

Feb 24, 2021

CVE-2021-22652 9.8

CVE-2021-22652 is an unauthenticated remote code execution vulnerability in Advantech iView industrial monitoring software. Attackers can access confi...

Feb 11, 2021

CVE-2021-22656 7.5

CVE-2021-22656 is a directory traversal vulnerability in Advantech iView that allows attackers to read sensitive files outside the intended directory....

Feb 11, 2021

CVE-2021-22658 9.8

CVE-2021-22658 is a SQL injection vulnerability in Advantech iView software that allows attackers to execute arbitrary SQL commands. Successful exploi...

Feb 11, 2021

← Previous Page 2 of 2

Why Monitor Advantech Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 97+ known vulnerabilities affecting Advantech products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Advantech packages in under 60 seconds. No agents required - completely agentless scanning that works across Advantech deployments.

Free vulnerability database: Access detailed information about every Advantech CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Advantech CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Advantech CVEs Free