CVE-2025-64302

Medium CVSS: 5.3

Insufficient input sanitization in the dashboard label or path can allow
an attacker to trigger a device error causing information disclosure or
data manipulation.

Vendor

Advantech

Product

Deviceon\/iedge

CWE

CWE-79

Yayın Tarihi

2025-11-06 23:15:38

Güncelleme

2025-11-19 20:20:00

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-79 Deviceon\/iedge MEDIUM Advantech 2025

Referanslar

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-310-01.json https://www.advantech.com/emt/contact https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01

Benzer Kayıtlar

Critical

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arb…

Medium

CVE-2025-67653

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence o…

Medium

CVE-2025-46268

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands…

Medium

CVE-2025-14848

Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the ex…

High

CVE-2025-14849

Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute ar…

High

CVE-2025-14850

Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.