Advantech

Wise-deviceon Server

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-34256

  • EPSS 0.25%
  • Veröffentlicht 05.12.2025 17:18:31
  • Zuletzt bearbeitet 17.12.2025 17:15:48

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only...

5.4

CVE-2025-34265

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:18:10
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit...

5.4

CVE-2025-34263

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:17:52
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path valu...

5.4

CVE-2025-34266

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:17:35
  • Zuletzt bearbeitet 17.12.2025 17:15:50

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path value...

5.4

CVE-2025-34264

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:17:17
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/{agentId} endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored...

5.4

CVE-2025-34262

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:16:55
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devices/name/{agent_id} endpoint. When an authenticated user renames a device, the new_name value is stored and later render...

5.4

CVE-2025-34258

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:16:37
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rend...

5.4

CVE-2025-34259

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:16:20
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered...

5.4

CVE-2025-34261

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:16:03
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and la...

5.4

CVE-2025-34260

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 17:15:44
  • Zuletzt bearbeitet 17.12.2025 17:15:49

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and la...