149 matches found
CVE-2021-40397
The CVE-2021-40397 entry relates to a privilege-escalation in Advantech WISE-PaaS/OTA Server 3.0.9. TALOS details describe a local attack where a specially crafted file in the OTA Server installation triggers elevation to NT AUTHORITY\SYSTEM by replacing files used by the PostgreSQL-related binar...
CVE-2021-40396
Advantech DeviceOn/iService 1.1.7 is affected by a privilege-escalation flaw from overly-permissive installation directory permissions. According to TALOS-2021-1408, the Server binaries in c:\Program Files\Advantech\WISE-DeviceOn\database\PostgreSQL\pgsql\bin\ (psql.exe, pg_ctl.exe, postgres.exe)...
CVE-2021-40389
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-40389
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-40389
CVE-2021-40389 affects Advantech DeviceOn/iEdge Server 1.0.2. The vulnerability (CWE-276: Incorrect Default Permissions) arises from default permissions in the installation folder (e.g., c:\Program Files\Advantech\…) that let the Everyone group have full control over critical service binaries. An...
CVE-2021-40388
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-40388
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-40388
Advantech SQ Manager Server 1.0.6 contains a privilege-escalation vulnerability (CWE-276). By default, the installation folder grants Everyone Full control over critical binaries (e.g., psql.exe, postgres.exe, pg_ctl.exe) in c:\Program Files\Advantech\SQ Manager Server\database\PostgreSQL\pgsql\b...
Advantech has unspecified vulnerabilities (CNVD-2022-08289)
Advantech is an application of Advantech, a Chinese company that provides an intelligent electric bus management system. Advantech DeviceOn/iService 1.1.7 contains a security vulnerability that can be exploited by attackers to replace specially crafted files in the system to elevate privileges to...
Advantech DeviceOn/iEdge Server Elevation of Privilege Vulnerability
Advantech DeviceOn/iEdge Server is industrial device intelligence software that enables non-intelligent devices to have IoT connectivity management capabilities.Advantech DeviceOn/iEdge Server elevation of privilege vulnerability can be exploited by attackers to gain elevated privileges to NT...
Unspecified vulnerabilities exist in Advantech (CNVD-2022-08368)
Advantech is an application of Advantech, a Chinese company that provides an intelligent electric bus management system.A security vulnerability exists in Advantech SQ Manager Server, which can replace specially crafted files in the system to escalate privileges to NT system privileges. An attack...
Advantech 安全漏洞
Advantech is an application of Advantech, a Chinese company that provides an intelligent electric bus management system. Advantech DeviceOn/iService 1.1.7 contains a security vulnerability that can be exploited by attackers to replace specially crafted files in the system to elevate privileges to...
Advantech DeviceOn/iService 1.1.7 Server installation privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested Versio...
Advantech DeviceOn/iEdge Server 1.0.2 privilege escalation vulnerability
Summary A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. Tested...
CVE-2021-21912
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...
CVE-2021-21912
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...
Privilege escalation
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...
Privilege escalation
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...
Privilege escalation
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 30.07.2021. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger...
CVE-2021-21912
Advantech R-SeeNet for Windows (Version 2.4.15) has a privilege escalation vulnerability (CVE-2021-21912) allowing an authenticated user to replace specific executable files in C:\R-SeeNet and related services to gain NT SYSTEM privileges. The TALOS report details multiple components (mysqld.exe,...