Lucene search
K

231 matches found

CVE
CVE
added 2021/08/10 2:3 p.m.41 views

CVE-2021-32943

The CVE-2021-32943 issue affects Advantech WebAccess/SCADA before 8.4.5 and before 9.0.1, caused by a stack-based buffer overflow that could allow remote code execution. Multiple connected sources (NVD, Red Hat, Red Team/RH CVE entry, and ICS advisory) confirm the vulnerability in the WebAccess/S...

9.8CVSS9.6AI score0.0187EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/10 2:3 p.m.23 views

CVE-2021-32943

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1...

9.8AI score0.0187EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/10 2:2 p.m.15 views

CVE-2021-22676

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting XSS, which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...

6.1AI score0.00642EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/08/10 2:0 p.m.19 views

CVE-2021-22674

The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1...

6.6AI score0.01089EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/06 12:0 a.m.17 views

Advantech WebAccess/SCADA Path Traversal Vulnerability (CNVD-2021-59235)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A path traversal vulnerability exists in Advantech WebAccess/SCADA, which stems from the product's failure to add access rights to input data. An attacker could use the vulnerability ...

6.5CVSS6.3AI score0.01089EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/06 12:0 a.m.20 views

Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability (CNVD-2021-59236)

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A cross-site scripting vulnerability exists in Advantech WebAccess/SCADA, which originates from UserExcelOut.asp failing to properly validate the correctness of user data. The...

6.1CVSS6AI score0.00642EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.5 views

Advantech WebAccess/SCADA 缓冲区错误漏洞

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA, which arises from the product failing to properly validate data boundaries. An attacker could cause a stack overfl...

9.8CVSS6AI score0.0187EPSS
Exploits0References4
ICS
ICS
added 2021/08/05 12:0 a.m.65 views

Advantech WebAccess SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Cross-site Scripting XSS, Relative Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

9.8CVSS7.8AI score0.0187EPSS
Exploits0References4
OSV
OSV
added 2021/06/18 2:15 p.m.6 views

CVE-2021-32954

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system...

6.5CVSS5.9AI score0.02077EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/18 1:53 p.m.22 views

CVE-2021-32954

Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system...

6.6AI score0.02077EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/18 12:0 a.m.5 views

Advantech WebAccess/SCADA Relative Path Traversal Vulnerability

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A relative path traversal vulnerability...

6.8CVSS6.8AI score0.02077EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/17 12:0 a.m.5 views

Advantech WebAccess/SCADA 路径遍历漏洞

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A relative path traversal vulnerability...

6.8CVSS5.9AI score0.02077EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/17 12:0 a.m.4 views

Advantech WebAccess/SCADA 输入验证错误漏洞

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. An open redirection vulnerability exist...

6.1CVSS5.7AI score0.00699EPSS
Exploits0References5
OSV
OSV
added 2021/04/26 7:15 p.m.6 views

CVE-2021-22669

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system...

8.8CVSS5.8AI score0.01174EPSS
Exploits0References1
NVD
NVD
added 2021/04/26 7:15 p.m.12 views

CVE-2021-22669

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system...

9CVSS0.01174EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/04/26 6:59 p.m.21 views

CVE-2021-22669

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system...

9.1AI score0.01174EPSS
Exploits0References1
CNVD
CNVD
added 2021/04/14 12:0 a.m.4 views

Advantech WebAccess/SCADA Critical Resource Permission Assignment Incorrect Vulnerability

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A vulnerability exists in the Project...

9CVSS6.8AI score0.01174EPSS
Exploits0References1
ICS
ICS
added 2021/04/13 12:0 a.m.39 views

Advantech WebAccessSCADA

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

9CVSS9.2AI score0.01174EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.6 views

Advantech WebAccess SCADA 安全漏洞

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A vulnerability exists in the Project...

9CVSS5.7AI score0.01174EPSS
Exploits0References5
CNVD
CNVD
added 2021/03/17 12:0 a.m.10 views

Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A cross-site scripting vulnerability...

6.1CVSS6.1AI score0.0069EPSS
Exploits0References1
Rows per page
Query Builder