CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22676
https://notcve.org/view.php?id=CVE-2021-22676
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). El archivo UserExcelOut.asp dentro de WebAccess/SCADA es vulnerable a un ataque de tipo cross-site scripting (XSS), que podría permitir a un atacante enviar código JavaScript malicioso. Esto podría resultar en el secuestro de los tokens de cookies/sesión, la redirección a una página web maliciosa, y la acción involuntaria del navegador en el WebAccess/SCADA (WebAccess/SCADA versiones anteriores a 8.4.5, WebAccess/SCADA versiones anteriores a 9.0.1) • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-04 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22674
https://notcve.org/view.php?id=CVE-2021-22674
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). El producto afectado es vulnerable a una condición de salto de ruta relativa, que puede permitir a un atacante acceder a archivos y directorios no autorizados en el WebAccess/SCADA (WebAccess/SCADA versiones anteriores a 8.4.5, WebAccess/SCADA versiones anteriores a 9.0.1) • https://us-cert.cisa.gov/ics/advisories/icsa-21-217-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32954
https://notcve.org/view.php?id=CVE-2021-32954
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. Advantech WebAccess/SCADA Versiones 9.0.1 y anteriores, es vulnerable a un salto de directorio, que puede permitir a un atacante leer remotamente archivos arbitrarios en el sistema de archivos • https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32956
https://notcve.org/view.php?id=CVE-2021-32956
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. Advantech WebAccess/SCADA Versiones 9.0.1 y anteriores, es vulnerable a un redireccionamiento, que puede permitir a un atacante enviar una URL maliciosamente diseñada que podría resultar en redireccionar a un usuario a una página web maliciosa • https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22669
https://notcve.org/view.php?id=CVE-2021-22669
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. Los permisos incorrectos son ajustados de forma predeterminada en la página "Project Management" del portal WebAccess/SCADA de WebAccess/SCADA Versiones 9.0.1 y anteriores, lo que puede permitir a un usuario poco privilegiado actualizar la contraseña de un administrador e iniciar sesión como administrador para escalar privilegios en el sistema • https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02 • CWE-732: Incorrect Permission Assignment for Critical Resource •