High
CVE-2019-13551
Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator.
CVE-2019-13547
There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.
CVE-2019-18227
XXE vulnerabilities exist that may allow disclosure of sensitive data.
CVE-2019-18229
Lack of sanitization of user-supplied input cause SQL injection vulnerabilities. An attacker can leverage these vulnerabilities to disclose information.
Advantech
WISE-PaaS/RMM
Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn.