199 matches found
File Uploading Vulnerability in Eki Technologies ERP System
Ltd. is a software company focusing on enterprise management, specializing in providing professional information management consulting, software development and online mall development and other information services. A file upload vulnerability exists in the ERP system of EqiTech, which can be...
Advantech EKI-1524 suffers from a denial of service vulnerability
The EKI-1524 is a serial device networking server. A denial of service vulnerability exists in the Advantech EKI-1524, which can be exploited by an attacker to cause a device to automatically reboot...
Command Execution Vulnerability in EKI-1521 at Advantech (China) Co.
The EKI-1521 is a serial device networking server that supports RS-232/422/485. A command execution vulnerability exists in the Advantech China EKI-1521, which can be exploited by an attacker to remotely execute system commands...
Denial of Service Vulnerability in EKI-1511X-AE/ADAM-4571-CE at Advantech (China) Co.
Advantech China Co., Ltd. is a global manufacturer in the intelligent system industry. A denial of service vulnerability exists in Advantech China Co. EKI-1511X-AE/ADAM-4571-CE, which can be exploited by attackers to cause a program crash...
portaal.eki.ee XSS vulnerability
Vulnerable URL: http://portaal.eki.ee/component/search/?searchword=ssss==all&s7tdj;%2522%253e%253cscript%253ealert%2528'OPENBUGBOUNTY'%2529%253c%252fscript%253el048m=1 Details: Description| Value ---|--- Patched:| Yes, at 23.02.2017 Latest check for patch:| 23.02.2017 18:21 GMT Vulnerability type...
The vulnerability of the embedded software of the industrial Ethernet switch EKI models 1361, 1362, 1321, 122x, and 1322 allows a intruder to gain access to the device.
The embedded software of the industrial Ethernet switch EKI models 1361, 1362, 1321, 122x, and 1322 contains SSH keys by default. Exploiting this vulnerability allows a malicious actor to gain access to the device by establishing an SSH connection remotely...
Advantech EKI Vulnerable to Bypass, Possible Backdoor
Researchers have uncovered yet another issue–and potential backdoor–in Advantech’s beleaguered EKI-1322 serial device server. The Dropbear SSH daemon associated with the server, because of heavy modifications, fails to enforce authentication. This makes it so any user who wants to bypass...
Advantech EKI-132x Device Authentication Bypass Vulnerability
Advantech EKI-132x is a serial device networking server from Advantech China that provides various redundant configurations and multiple access configurations for remote monitoring of serial devices via Ethernet communication protocol. A security vulnerability exists in Advantech EKI-132x devices...
CVE-2015-7938
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors...
Authentication flaw
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors...
CVE-2015-7938
Advantech EKI-132x devices running firmware older than 2015-12-31 are affected by an authentication bypass vulnerability (CVE-2015-7938). The issue allows remote attackers to bypass authentication and access the device, with exploits publicly available in the wild. A firmware update released on 2...
CVE-2015-7938
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors...
Advantech EKI Vulnerable to Shellshock, Heartbleed
Twice in the past year, security researchers have found and reported critical vulnerabilities in Modbus gateways built by Advantech that are used to connect serial devices in industrial control environments to IP networks. Most recently, independent security researcher Neil Smith found hard-coded...
Advantech EKI-1200 Buffer Overflow
OVERVIEW Enrique Nissim and Pablo Lorenzzato from Core Security Engineering Team have identified a buffer overflow vulnerability in Advantech EKI-1200 product line. Advantech has produced a patch that mitigates this vulnerability. CORE Security has tested the patch to validate that it resolves th...
SSH Key Vulnerability in Multiple Advantech Products
The Advantech EKI-122x-BE, EKI-132x, and EKI-136x are serial device networking servers from Advantech, China, that provide a variety of redundancy configurations and multiple access configurations for remotely monitoring serial devices via Ethernet communication protocols. A security vulnerabilit...
Hardcoded credentials
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session...
CVE-2015-6476
The CVE-2015-6476 vulnerability affects Advantech EKI-122x-BE (firmware <1.65), EKI-132x (firmware <1.98), and EKI-136x (firmware
Advantech EKI Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...
Advantech EKI Hard-coded SSH Keys Vulnerability
OVERVIEW Independent researcher Neil Smith has identified a hard-coded SSH key vulnerability in Advantech’s EKI-122X series products. Advantech has produced new firmware to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS Advantech reports that the...
CVE-2014-8385
Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors...