36 matches found
CVE-2025-34263
CVE-2025-34263: Advantech WISE-DeviceOn Server versions prior to 5.4 suffer an authenticated stored XSS in the /rmm/v1/plugin-config/dashboards/menus endpoint. When a user adds/edits a dashboard entry, the label and path are stored in plugin configuration data and rendered in the dashboard UI wi...
Advantech WISE-DeviceOn Server Cross-Site Scripting Vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied da...
Advantech DeviceOn/iEdge Path Traversal Vulnerability
Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...
Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11788)
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that is caused by allowing the upload of specially crafted configuration files. An attacker...
Advantech DeviceOn/iEdge Path Traversal Vulnerability (CNVD-2026-11789)
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that can be exploited by an attacker to upload a specially crafted configuration file for...
Advantech DeviceOn/iEdge Cross-Site Scripting Vulnerability
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech DeviceOn/iEdge, which stems from insufficient sanitization of dashboard label or path inputs, and can be...
CVE-2025-58423
CVE-2025-58423 affects Advantech DeviceOn/iEdge; root cause is insufficient sanitization of inputs, enabling a path traversal that can cause a Denial of Service, directory traversal, or read/write of files in the context of the local system account. Public sources (CNNVD/NVD) indicate impact up t...
CVE-2025-58423 Advantech DeviceOn/iEdge Path Traversal
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to cause a denial-of-service condition, traverse directories, or read/write files, within the context of the local system account...
CVE-2025-59171 Advantech DeviceOn/iEdge Path Traversal
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-59171
CVE-2025-59171 affects Advantech DeviceOn/iEdge. The issue is caused by insufficient sanitization in the dashboard label or path, allowing an attacker to upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions. Public s...
CVE-2025-62630 Advantech DeviceOn/iEdge Path Traversal
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions...
CVE-2025-62630
Summary (CVE-2025-62630 – Advantech DeviceOn/iEdge): A path traversal vulnerability exists due to insufficient sanitization in the DeviceOn/iEdge dashboard label/path, enabling an unauthenticated attacker to upload a crafted configuration file, traverse directories, and trigger remote code execu...
CVE-2025-64302 Advantech DeviceOn/iEdge Cross-site Scripting
Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-310-01 Advantech DeviceOn iEdge; ICSA-25-310-02 Ubia Ubox; ICSA-25-310-03 ABB FLXeon Controllers...
Advantech DeviceOn/iEdge
RISK EVALUATION: Successful exploitation of these vulnerabilities could result in a denial-of-service condition, remote code execution, or an attacker reading arbitrary files. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Advantech DeviceOn/iEdge Path Traversal Vulnerability
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. Advantech DeviceOn/iEdge suffers from a path traversal vulnerability that is caused by allowing the upload of specially crafted configuration files. An attacker...
Advantech DeviceOn/iEdge Path Traversal Vulnerability
Advantech DeviceOn/iEdge is an edge device remote management and operation and maintenance platform from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech DeviceOn/iEdge, which can be exploited by an attacker to read arbitrary files or bypass authentication...
Advantech DeviceOn/iEdge Cross-Site Scripting Vulnerability
Advantech DeviceOn/iEdge is a remote management and operation and maintenance platform for edge devices from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech DeviceOn/iEdge, which stems from insufficient sanitization of dashboard label or path inputs, and can be...