Vulnerabilities > Advantech > Webaccess Scada

DATE CVE VULNERABILITY TITLE RISK
2021-04-26 CVE-2021-22669 Unspecified vulnerability in Advantech Webaccess/Scada
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
network
low complexity
advantech
8.8
2021-03-18 CVE-2021-27436 Cross-site Scripting vulnerability in Advantech Webaccess/Scada
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
network
low complexity
advantech CWE-79
6.1
2021-03-03 CVE-2020-13554 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
7.8
2021-02-23 CVE-2020-25161 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
network
low complexity
advantech CWE-610
8.8
2021-02-17 CVE-2020-13555 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13553 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13552 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13551 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13550 Path Traversal vulnerability in Advantech Webaccess/Scada 9.0.1
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1.
network
low complexity
advantech CWE-22
7.7
2019-02-05 CVE-2019-6523 SQL Injection vulnerability in Advantech Webaccess/Scada 8.3
WebAccess/SCADA, Version 8.3.
network
low complexity
advantech CWE-89
critical
9.8