Vulnerabilities > Advantech > Webaccess Scada > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-06 CVE-2023-22450 Unspecified vulnerability in Advantech Webaccess/Scada
In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to upload an ASP script file to a webserver when logged in as manager user, which can lead to arbitrary code execution.
network
low complexity
advantech
7.2
2021-04-26 CVE-2021-22669 Unspecified vulnerability in Advantech Webaccess/Scada
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
network
low complexity
advantech
8.8
2021-03-03 CVE-2020-13554 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
7.8
2021-02-23 CVE-2020-25161 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech Webaccess/Scada
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
network
low complexity
advantech CWE-610
8.8
2021-02-17 CVE-2020-13555 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13553 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13552 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13551 Incorrect Default Permissions vulnerability in Advantech Webaccess/Scada 9.0.1
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation.
local
low complexity
advantech CWE-276
8.8
2021-02-17 CVE-2020-13550 Path Traversal vulnerability in Advantech Webaccess/Scada 9.0.1
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1.
network
low complexity
advantech CWE-22
7.7
2019-02-05 CVE-2019-6521 Improper Authentication vulnerability in Advantech Webaccess/Scada 8.3
WebAccess/SCADA, Version 8.3.
network
low complexity
advantech CWE-287
8.6