Advantech

Webaccess/scada

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9

CVE-2021-22669

  • EPSS 0.17%
  • Veröffentlicht 26.04.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 05:50:26

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator...

6.1

CVE-2021-27436

  • EPSS 0.19%
  • Veröffentlicht 18.03.2021 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:57:59

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the ...

7.8

CVE-2020-13554

Exploit
  • EPSS 0.09%
  • Veröffentlicht 03.03.2021 17:15:11
  • Zuletzt bearbeitet 21.11.2024 05:01:29

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace...

8.8

CVE-2020-25161

  • EPSS 0.63%
  • Veröffentlicht 23.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:17:30

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.

8.8

CVE-2020-13555

Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:29

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to e...

8.8

CVE-2020-13553

Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:29

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace...

8.8

CVE-2020-13552

Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:28

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker ca...

8.8

CVE-2020-13551

Exploit
  • EPSS 0.06%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:28

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules t...

7.7

CVE-2020-13550

Exploit
  • EPSS 0.26%
  • Veröffentlicht 17.02.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:01:28

A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this v...

9.8

CVE-2019-6523

  • EPSS 0.85%
  • Veröffentlicht 05.02.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:46:37

WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.