CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27436
https://notcve.org/view.php?id=CVE-2021-27436
18 Mar 2021 — WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. WebAccess/SCADA versiones 9.0 y anteriores, son vulnerables a un ataque de tipo cross-site scripting, lo que puede permitir a un atacante enviar código JavaScript malicioso a un usuario despr... • https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13554
https://notcve.org/view.php?id=CVE-2020-13554
03 Mar 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En webvrpcs... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13555
https://notcve.org/view.php?id=CVE-2020-13555
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En COM Server Application Privilege Escal... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13553
https://notcve.org/view.php?id=CVE-2020-13553
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En Run Key ... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13551
https://notcve.org/view.php?id=CVE-2020-13551
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En la escalada de privilegios a través... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13552
https://notcve.org/view.php?id=CVE-2020-13552
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1.&... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13550
https://notcve.org/view.php?id=CVE-2020-13550
17 Feb 2021 — A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de inclusión de archivos locales en la funcionalidad de instalación de Advantech WebAccess/SCADA versión 9.0.1. Una aplicación especialmente diseñada puede conllevar a una divulgación de información. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1168 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25161 – Advantech WebAccess/SCADA WADashboard External Control of File Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-25161
19 Oct 2020 — The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. El componente WADashboard de WebAccess/SCADA Versiones 9.0 y anteriores, puede permitir a un atacante controlar o influir en una ruta usada en una operación en el sistema de archivos y ejecutar código remotamente como administrador This vulnerability allows remote attackers to execute arbitrary code on a... • https://us-cert.cisa.gov/ics/advisories/icsa-20-289-01 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6523
https://notcve.org/view.php?id=CVE-2019-6523
05 Feb 2019 — WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. WebAccess/SCADA, en la versión 8.3, no sanea adecuadamente sus entradas para comandos SQL. • http://www.securityfocus.com/bid/106722 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0CVE-2019-6521
https://notcve.org/view.php?id=CVE-2019-6521
05 Feb 2019 — WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. En la versión 8.3 de WebAccess/SCADA, peticiones especialmente manipuladas podrían permitir una omisión de autenticación que podría permitir que un atacante obtenga y manipule información sensible. • http://www.securityfocus.com/bid/106722 • CWE-287: Improper Authentication •