Vulnerabilities > Advantech > Webaccess Scada > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-10-15 CVE-2021-38431 Missing Authorization vulnerability in Advantech Webaccess Scada 8.3.1/9.0.3
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
network
low complexity
advantech CWE-862
4.3
2021-08-10 CVE-2021-22676 Cross-site Scripting vulnerability in Advantech Webaccess/Scada
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code.
network
low complexity
advantech CWE-79
6.1
2021-08-10 CVE-2021-22674 Path Traversal vulnerability in Advantech Webaccess/Scada
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
network
low complexity
advantech CWE-22
6.5
2021-06-18 CVE-2021-32954 Path Traversal vulnerability in Advantech Webaccess/Scada
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
network
low complexity
advantech CWE-22
6.5
2021-06-18 CVE-2021-32956 Unspecified vulnerability in Advantech Webaccess/Scada
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
network
low complexity
advantech
6.1
2021-03-18 CVE-2021-27436 Cross-site Scripting vulnerability in Advantech Webaccess/Scada
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
network
low complexity
advantech CWE-79
6.1
2018-05-15 CVE-2018-10591 Session Fixation vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.
network
high complexity
advantech CWE-384
6.1
2018-01-25 CVE-2018-5445 Path Traversal vulnerability in Advantech Webaccess/Scada
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817.
network
low complexity
advantech CWE-22
5.3
2018-01-25 CVE-2018-5443 SQL Injection vulnerability in Advantech Webaccess/Scada
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817.
network
low complexity
advantech CWE-89
5.3