Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Advantech — Vulnerabilities & Security Advisories 139

Browse all 139 CVE security advisories affecting Advantech. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Advantech specializes in industrial automation, providing embedded computing hardware and IoT solutions for manufacturing and infrastructure sectors. The company’s extensive product portfolio, which includes edge gateways and panel PCs, has resulted in a significant vulnerability footprint, with 139 Common Vulnerabilities and Exposures (CVEs) currently recorded. Historical analysis reveals that these security flaws predominantly stem from Remote Code Execution (RCE) and Cross-Site Scripting (XSS) issues, often arising from unpatched web management interfaces or embedded Linux components. Additionally, several instances of privilege escalation and buffer overflow vulnerabilities have been documented, highlighting risks associated with legacy firmware and default configurations. While no single catastrophic incident has defined the brand’s public security history, the sheer volume of disclosed defects underscores persistent challenges in maintaining secure codebases across diverse industrial environments. This pattern necessitates rigorous patch management and network segmentation for organizations relying on Advantech infrastructure to mitigate potential exploitation vectors.

Top products by Advantech: WebAccess EKI-6333AC-2G iView WebAccess/SCADA WebAccess/VPN Advantech WebAccess Advantech Wireless Sensing and Equipment (WISE) EKI-1524 ADAM-5630 DeviceOn/iEdge R-SeeNet ADAM 5550 HMI Designer ADAM-3600 WebAccess SCADA WebAccess/NMS SUSI IoTSuite and IoT Edge Products WISE-6610
CVE IDTitleCVSSSeverityPublished
CVE-2026-2670 Advantech WISE-6610 Background Management openvpn_apply os command injection — WISE-6610CWE-78 7.2 High2026-02-18
CVE-2025-52694 Execution of arbitrary SQL commands — IoTSuite and IoT Edge Products 10.0 Critical2026-01-12
CVE-2025-67653 Advantech WebAccess/SCADA Path Traversal — WebAccess/SCADACWE-22 4.3 Medium2025-12-18
CVE-2025-46268 Advantech WebAccess/SCADA SQL Injection — WebAccess/SCADACWE-89 6.3 Medium2025-12-18
CVE-2025-14848 Advantech WebAccess/SCADA Absolute Path Traversal — WebAccess/SCADACWE-36 4.3 Medium2025-12-18
CVE-2025-14849 Advantech WebAccess/SCADA Unrestricted Upload of File with Dangerous Type — WebAccess/SCADACWE-434 8.8 High2025-12-18
CVE-2025-14850 Advantech WebAccess/SCADA Improper Limitation of a Pathname to a Restricted Directory — WebAccess/SCADACWE-22 8.1 High2025-12-18
CVE-2025-14252 Advantech SUSI 安全漏洞 — SUSI 7.8 High2025-12-16
CVE-2025-13373 Advantech iView SQL Injection — iViewCWE-89 7.5 High2025-12-04
CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal — DeviceOn/iEdgeCWE-22 8.8 High2025-11-06
CVE-2025-59171 Advantech DeviceOn/iEdge Path Traversal — DeviceOn/iEdgeCWE-22 7.5 High2025-11-06
CVE-2025-62630 Advantech DeviceOn/iEdge Path Traversal — DeviceOn/iEdgeCWE-22 8.8 High2025-11-06
CVE-2025-64302 Advantech DeviceOn/iEdge Cross-site Scripting — DeviceOn/iEdgeCWE-79 6.4 Medium2025-11-06
CVE-2022-50595 Advantech iView < v5.7.04 Build 6425 ztp_search_value Parameter SQL Injection RCE — iViewCWE-89 9.8 -2025-11-06
CVE-2022-50591 Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure — iViewCWE-89 9.1 -2025-11-06
CVE-2022-50593 Advantech iView < v5.7.04 Build 6425 search_term Parameter SQL Injection RCE — iViewCWE-89 9.8 -2025-11-06
CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE — iViewCWE-89 9.8 -2025-11-06
CVE-2022-50594 Advantech iView < v5.7.04 Build 6425 data Parameter SQL Injection Information Disclosure — iViewCWE-89 7.5 -2025-11-06
CVE-2025-34247 Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34246 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxPrevalidationController.ajaxAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34243 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxNetworkFwRulesAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34241 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxDeviceController.ajaxDeviceAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34240 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AppManagementController.appUpgradeAction() — WebAccess/VPNCWE-89 6.5 -2025-11-06
CVE-2025-34239 Advantech WebAccess/VPN < 1.1.5 Command Injection in AppManagementController.appUpgradeAction() — WebAccess/VPNCWE-78 7.2 -2025-11-06
CVE-2025-34238 Advantech WebAccess/VPN < 1.1.5 Path Traversal via AjaxStandaloneVpnClientsController.ajaxDownloadRoadWarriorConfigFileAction() — WebAccess/VPNCWE-22 4.9 -2025-11-06
CVE-2025-34237 Advantech WebAccess/VPN < 1.1.5 Stored XSS via StandaloneVpnClientsController.addStandaloneVpnClientAction() — WebAccess/VPNCWE-79 5.4 -2025-11-06
CVE-2025-34236 Advantech WebAccess/VPN < 1.1.5 Stored XSS via NetworksController.addNetworkAction() — WebAccess/VPNCWE-79 5.4 -2025-11-06

This page lists every published CVE security advisory associated with Advantech. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.