Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Advantech Subscribe
Filtered by product Webaccess\/scada

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32954 1 Advantech 1 Webaccess\/scada 2022-07-02 6.8 MEDIUM 6.5 MEDIUM
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
CVE-2021-22674 1 Advantech 1 Webaccess\/scada 2021-08-17 4.0 MEDIUM 6.5 MEDIUM
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
CVE-2021-22676 1 Advantech 1 Webaccess\/scada 2021-08-17 4.3 MEDIUM 6.1 MEDIUM
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
CVE-2021-32956 1 Advantech 1 Webaccess\/scada 2021-06-24 5.8 MEDIUM 6.1 MEDIUM
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
CVE-2021-27436 1 Advantech 1 Webaccess\/scada 2021-03-25 4.3 MEDIUM 6.1 MEDIUM
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
CVE-2018-5443 1 Advantech 1 Webaccess\/scada 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
CVE-2018-5445 1 Advantech 1 Webaccess\/scada 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.