CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27436
https://notcve.org/view.php?id=CVE-2021-27436
18 Mar 2021 — WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. WebAccess/SCADA versiones 9.0 y anteriores, son vulnerables a un ataque de tipo cross-site scripting, lo que puede permitir a un atacante enviar código JavaScript malicioso a un usuario despr... • https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25161 – Advantech WebAccess/SCADA WADashboard External Control of File Path Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-25161
19 Oct 2020 — The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. El componente WADashboard de WebAccess/SCADA Versiones 9.0 y anteriores, puede permitir a un atacante controlar o influir en una ruta usada en una operación en el sistema de archivos y ejecutar código remotamente como administrador This vulnerability allows remote attackers to execute arbitrary code on a... • https://us-cert.cisa.gov/ics/advisories/icsa-20-289-01 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-18999
https://notcve.org/view.php?id=CVE-2018-18999
19 Dec 2018 — WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. WebAccess/SCADA, WebAccess/SCADA en su versión 8.3.2 instalada en Windows 2008 R2 SP1. La falta de validación adecuada de entradas proporcionadas por el usuario podría permitir que un atacante provoque el desbordamiento de un búfer de la pila. • http://www.securityfocus.com/bid/106245 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •