Yuri Kramarz

**Name of the Vulnerable Software and Affected Versions** Advantech DeviceOn/iEdge Server version 1.0.2 **Description** The issue is related to incorrect default permission settings, allowing an attacker to escalate privileges using a specially-crafted file. This can lead to an attacker gaining NT SYSTEM authority. The vulnerability can be triggered by providing a malicious file. **Recommendations** For Advantech DeviceOn/iEdge Server version 1.0.2, consider restricting access to sensitive files and directories to prevent unauthorized modifications until a patch is available. As a temporary workaround, monitor system activity closely for signs of privilege escalation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech DeviceOn/iService version 1.1.7 **Description** A privilege escalation issue exists due to incorrect default permission settings, allowing an attacker to elevate privileges using a specially-crafted file. This can be triggered by replacing a file in the system, resulting in escalated privileges to NT SYSTEM authority. **Recommendations** For Advantech DeviceOn/iService version 1.1.7, consider restricting access to sensitive files and directories to prevent unauthorized modifications until a patch is available. As a temporary workaround, monitor system file integrity and access logs closely to detect potential exploitation attempts.

**Name of the Vulnerable Software and Affected Versions** Dream Report ODS Remote Connector version 20.2.16900.0 **Description** A privilege escalation issue exists in the Remote Server functionality due to a specially-crafted command injection, which can lead to elevated capabilities. An attacker can trigger this issue by providing a malicious file. **Recommendations** For Dream Report ODS Remote Connector version 20.2.16900.0, consider restricting access to the Remote Server functionality until a patch is available. As a temporary workaround, avoid using the Remote Server functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to the lack of protection of the SQL query structure in the `host alt filter2` parameter of the `device list.php` file. This can be exploited by a remote attacker using a specially-crafted HTTP request, potentially leading to the disclosure of protected information. The vulnerability can be triggered by making authenticated HTTP requests to the `host alt filter2` parameter, which can be done by any authenticated user or through cross-site request forgery. **Recommendations** As a temporary workaround, consider restricting access to the `host alt filter2` parameter in the `device list.php` file until a patch is available. Avoid using the `host alt filter2` parameter in authenticated HTTP requests to minimize the risk of exploitation. Restrict access to the `device list.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to the lack of protection of the SQL query structure in the `surname filter` parameter of the `user list.php` file. This can be exploited by a remote attacker using a specially-crafted HTTP request, potentially leading to the disclosure of protected information. The vulnerability can be triggered by making authenticated HTTP requests to the `surname filter` parameter, either with an administrative account or through cross-site request forgery. **Recommendations** For Advantech R-SeeNet, consider disabling the `surname filter` parameter in the `user list.php` file as a temporary workaround until a patch is available. Restrict access to the `user list.php` file to minimize the risk of exploitation. Avoid using the `surname filter` parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to a lack of protection in the SQL query structure, allowing for SQL injection through a specially-crafted HTTP request. This can be triggered at the `imei filter` parameter by an authenticated user or through cross-site request forgery, potentially leading to the disclosure of protected information. **Recommendations** As a temporary workaround, consider disabling the `imei filter` parameter in the device list.php file until a patch is available. Restrict access to the device list.php file to minimize the risk of exploitation. Avoid using the `imei filter` parameter in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** A specially-crafted HTTP request can lead to SQL injection, allowing an attacker to disclose protected information. This can be triggered through the `username filter` parameter with an administrative account or via cross-site request forgery. The issue is related to the lack of protection of the SQL query structure. **Recommendations** As a temporary workaround, consider disabling the `username filter` parameter until a patch is available. Restrict access to the administrative account to minimize the risk of exploitation. Avoid using the `username filter` parameter in affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to a lack of protection in the SQL query structure, which can be exploited through a specially-crafted HTTP request, potentially leading to SQL injection. This can be triggered by making authenticated HTTP requests, specifically targeting the `health alt filter` parameter. An attacker can exploit this as any authenticated user or through cross-site request forgery. The vulnerability may allow a remote attacker to disclose protected information using a specially crafted request. **Recommendations** As a temporary workaround, consider disabling access to the `health alt filter` parameter in the device list.php file until a patch is available. Restrict access to the device list.php file to minimize the risk of exploitation. Avoid using the `health alt filter` parameter in authenticated HTTP requests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to a lack of protection in the SQL query structure, which can be exploited through a specially-crafted HTTP request, leading to SQL injection. This can be triggered by making authenticated HTTP requests, potentially through cross-site request forgery, and affects the `host alt filter` parameter in the device list.php file. An attacker can exploit this issue as any authenticated user, allowing them to potentially disclose protected information using a specially crafted request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to a lack of protection in the SQL query structure, which can be exploited through a specially-crafted HTTP request, potentially leading to SQL injection. This can be triggered by making authenticated HTTP requests to the `name filter` parameter, possibly through cross-site request forgery, or by exploiting the `name filter` parameter in the `user list.php` file. An attacker could use this vulnerability to disclose protected information remotely. **Recommendations** For Advantech R-SeeNet, as a temporary workaround, consider disabling the `name filter` parameter in the `user list.php` file until a patch is available. Restrict access to the `user list.php` file to minimize the risk of exploitation. Avoid using the `name filter` parameter in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech WISE-PaaS/OTA Server version 3.0.9 **Description** A privilege escalation issue exists due to improper default permission settings, allowing an attacker to elevate privileges to NT SYSTEM authority by replacing a specially-crafted file in the system. This can be triggered by providing a malicious file. **Recommendations** For Advantech WISE-PaaS/OTA Server version 3.0.9, consider restricting access to sensitive files and directories to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor file replacements and system changes closely to detect potential malicious activity. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech SQ Manager Server version 1.0.6 **Description** A privilege escalation issue exists due to incorrect default permission settings, allowing an attacker to elevate privileges to NT SYSTEM authority by replacing a specially-crafted file in the system. This can be triggered by providing a malicious file. **Recommendations** For Advantech SQ Manager Server version 1.0.6, consider restricting access to sensitive files and directories to prevent unauthorized modifications until a patch is available. As a temporary workaround, monitor file system changes closely to detect potential exploitation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet version 2.4.15 **Description** The issue is related to insufficient access restrictions to the C:R-SeeNet directory, which can be exploited by an attacker to escalate privileges using a specially crafted malicious file. This can allow the attacker to gain NT SYSTEM authority. **Recommendations** For Advantech R-SeeNet version 2.4.15, consider restricting access to the C:R-SeeNet directory to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable executable file C:R-SeeNetR SeeNet.exe until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet version 2.4.15 **Description** A privilege escalation issue exists in the Windows version of Advantech R-SeeNet, related to insufficient access control to the directory C:R-SeeNet. This can allow an attacker to elevate their privileges to NT SYSTEM authority by replacing a specially-crafted file in the system. **Recommendations** For Advantech R-SeeNet version 2.4.15, consider restricting access to the directory C:R-SeeNet to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet version 2.4.15 **Description** A privilege escalation issue exists due to insufficient access restrictions to the C:R-SeeNet directory. This can be exploited by an attacker using a specially crafted malicious file to elevate privileges to NT SYSTEM authority. **Recommendations** For Advantech R-SeeNet version 2.4.15, consider restricting access to the C:R-SeeNet directory to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable directory for executing files from untrusted sources.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to the incorrect handling of the `desc filter` parameter in the device list component, which can lead to SQL injection. An attacker can exploit this by making authenticated HTTP requests or through cross-site request forgery. This allows a remote attacker to conduct cross-site scripting attacks by sending specially crafted SQL queries. **Recommendations** As a temporary workaround, consider disabling the `desc filter` parameter in the affected component until a patch is available. Restrict access to the device list component to minimize the risk of exploitation. Avoid using the `desc filter` parameter in authenticated HTTP requests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to the incorrect handling of the `mac filter` parameter in the device list component, which can lead to SQL injection. An attacker can exploit this by making authenticated HTTP requests to the `mac filter` parameter, potentially through cross-site request forgery. This can be done by any authenticated user. **Recommendations** As a temporary workaround, consider restricting access to the `mac filter` parameter to minimize the risk of exploitation. Avoid using the `mac filter` parameter in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to the incorrect handling of the `firm filter` parameter in the device list component, which can lead to SQL injection. An attacker can exploit this by making authenticated HTTP requests or through cross-site request forgery, potentially allowing remote attackers to conduct SQL injection attacks. The `firm filter` parameter is specifically vulnerable. **Recommendations** As a temporary workaround, consider disabling the `firm filter` parameter in the device list component until a patch is available. Restrict access to the device list component to minimize the risk of exploitation. Avoid using the `firm filter` parameter in authenticated HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** A specially-crafted HTTP request can lead to SQL injection, allowing an attacker to make authenticated HTTP requests at the `prod filter` parameter. This vulnerability can be triggered by any authenticated user or through cross-site request forgery, potentially enabling remote attackers to conduct cross-site scripting attacks by sending specially crafted SQL queries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advantech R-SeeNet (affected versions not specified) **Description** The issue is related to the incorrect handling of the `health filter` parameter in the device list component, which can lead to SQL injection. An attacker can exploit this by making authenticated HTTP requests or through cross-site request forgery. This allows a remote attacker to conduct cross-site scripting attacks by sending specially crafted SQL queries. **Recommendations** As a temporary workaround, consider disabling the `health filter` parameter to minimize the risk of exploitation. Restrict access to the device list component to minimize the risk of exploitation. Avoid using the `health filter` parameter in affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.