231 matches found
CVE-2021-32943
The CVE-2021-32943 issue affects Advantech WebAccess/SCADA before 8.4.5 and before 9.0.1, caused by a stack-based buffer overflow that could allow remote code execution. Multiple connected sources (NVD, Red Hat, Red Team/RH CVE entry, and ICS advisory) confirm the vulnerability in the WebAccess/S...
CVE-2021-32943
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1...
CVE-2021-22676
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting XSS, which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...
CVE-2021-22674
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1...
Advantech WebAccess/SCADA Path Traversal Vulnerability (CNVD-2021-59235)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech WebAccess/SCADA, which stems from the product's failure to add access rights to input data. An attacker could use the vulnerability ...
Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability (CNVD-2021-59236)
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech WebAccess/SCADA, which originates from UserExcelOut.asp failing to properly validate the correctness of user data. The...
Advantech WebAccess/SCADA 缓冲区错误漏洞
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA, which arises from the product failing to properly validate data boundaries. An attacker could cause a stack overfl...
Advantech WebAccess SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Cross-site Scripting XSS, Relative Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
CVE-2021-32954
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system...
CVE-2021-32954
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system...
Advantech WebAccess/SCADA Relative Path Traversal Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A relative path traversal vulnerability...
Advantech WebAccess/SCADA 路径遍历漏洞
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A relative path traversal vulnerability...
Advantech WebAccess/SCADA 输入验证错误漏洞
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. An open redirection vulnerability exist...
CVE-2021-22669
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system...
CVE-2021-22669
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system...
CVE-2021-22669
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system...
Advantech WebAccess/SCADA Critical Resource Permission Assignment Incorrect Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A vulnerability exists in the Project...
Advantech WebAccessSCADA
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Advantech WebAccess SCADA 安全漏洞
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A vulnerability exists in the Project...
Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability
Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A cross-site scripting vulnerability...