EUVD-2021-9812

Malicious code in bioql PyPI...

PT-2023-3044 · Advantech · Advantech Webaccess/Scada

Name of the Vulnerable Software and Affected Versions: Advantech WebAccss/SCADA versions 9.1.3 and prior Description: The issue is related to an arbitrary file upload vulnerability. This could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, leading t...

CVE-2021-22676

UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting XSS, which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA...

CVE-2021-27436

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing...

Advantech WebAccess/SCADA suffers from an arbitrary file deletion vulnerability (CNVD-2020-58466)

Advantech WebAccess/SCADA is a suite of SCADA software based on a browser architecture. An arbitrary file deletion vulnerability exists in Advantech WebAccess/SCADA. An attacker can exploit the vulnerability to delete arbitrary files...

CVE-2019-10987

In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution...