| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was identified in Advantech WISE-6610 1.2.1_20251110. Affected is an unknown function of the file /cgi-bin/luci/admin/openvpn_apply of the component Background Management. Such manipulation of the argument delete_file leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately. |
| An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior. |
| Advantech WebAccess/SCADA
is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files. |
| Advantech WebAccess/SCADA
is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code. |
| Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files. |
| Advantech WebAccess/SCADA
is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands. |
| Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files. |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“CreateProcess.” This method contains validation to ensure an attacker
cannot run arbitrary command lines. After validation, the values
supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed allowing for running arbitrary command
lines. The command line can specify running remote files (example: UNC
command line).
A function exists at offset 100019B0 of bwocxrun.ocx. Inside this
function, there are 3 calls to strstr to check the contents of the user
specified command line. If “\setup.exe,” “\bwvbprt.exe,” or
“\bwvbprtl.exe” are contained in the command line (strstr returns
nonzero value), the command line passes validation and is then passed to
CreateProcessA. |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
OpenUrlToBufferTimeout. This method takes a URL as a parameter and
returns its contents to the caller in JavaScript. The URLs are accessed
in the security context of the current browser session. The control does
not perform any URL validation and allows file:// URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
the URLs through JavaScript. This method could also be used to reach any
arbitrary URL to which the browser has access. |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“OpenUrlToBuffer.” This method takes a URL as a parameter and returns
its contents to the caller in JavaScript. The URLs are accessed in the
security context of the current browser session. The control does not
perform any URL validation and allows “file://” URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
file URLs through JavaScript. This method could also be used to reach
any arbitrary URL to which the browser has access. |
| By providing an overly long string to the UserName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely. |
| An attacker may pass an overly long value from the AccessCode2 argument
to the control to overflow the static stack buffer. The attacker may
then remotely execute arbitrary code. |
| An attacker may exploit this vulnerability by passing an overly long
value from the AccessCode argument to the control. This will overflow
the static stack buffer. The attacker may then execute code on the
target device remotely. |
| An attacker can exploit this vulnerability by copying an overly long
NodeName2 argument into a statically sized buffer on the stack to
overflow the static stack buffer. An attacker may use this vulnerability
to remotely execute arbitrary code. |
| To exploit this vulnerability, the attacker sends data from the GotoCmd
argument to control. If the value of the argument is overly long, the
static stack buffer can be overflowed. This will allow the attacker to
execute arbitrary code remotely. |
| By providing an overly long string to the NodeName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely. |
| An attacker using SQL injection may use arguments to construct queries
without proper sanitization. The DBVisitor.dll is exposed through SOAP
interfaces, and the exposed functions are vulnerable to SOAP injection.
This may allow unexpected SQL action and access to records in the table
of the software database or execution of arbitrary code. |
| A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By exploiting this flaw, an attacker could execute unauthorized scripts
in the user's browser, potentially leading to information disclosure or
other malicious activities. |
| A vulnerability exists in Advantech iView that allows for argument
injection in the NetworkServlet.restoreDatabase(). This issue requires
an authenticated attacker with at least user-level privileges. An input
parameter can be used directly in a command without proper sanitization,
allowing arbitrary arguments to be injected. This can result in
information disclosure, including sensitive database credentials. |
