CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32956
https://notcve.org/view.php?id=CVE-2021-32956
18 Jun 2021 — Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. Advantech WebAccess/SCADA Versiones 9.0.1 y anteriores, es vulnerable a un redireccionamiento, que puede permitir a un atacante enviar una URL maliciosamente diseñada que podría resultar en redireccionar a un usuario a una página web maliciosa • https://us-cert.cisa.gov/ics/advisories/icsa-21-168-03 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-34540
https://notcve.org/view.php?id=CVE-2021-34540
11 Jun 2021 — Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Advantech WebAccess versiones 8.4.2 y 8.4.4, permite ataques de tipo XSS por medio de la columna de nombre de usuario de la página bwRoot.asp de WADashboard • https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33000 – Advantech WebAccess/HMI Designer PM3 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-33000
28 Apr 2021 — Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). El análisis de un archivo de proyecto diseñado maliciosamente puede causar un desbordamiento del búfer en la región heap de la memoria, que puede permitir a un atacante llevar a cabo una ejecución de código arbitraria. Es requerida una interacción del usuario en el WebAcces... • https://us-cert.cisa.gov/ics/advisories/icsa-21-173-01 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22669
https://notcve.org/view.php?id=CVE-2021-22669
26 Apr 2021 — Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. Los permisos incorrectos son ajustados de forma predeterminada en la página "Project Management" del portal WebAccess/SCADA de WebAccess/SCADA Versiones 9.0.1 y anteriores, lo que puede permitir a un usuario poco privilegia... • https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27436
https://notcve.org/view.php?id=CVE-2021-27436
18 Mar 2021 — WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. WebAccess/SCADA versiones 9.0 y anteriores, son vulnerables a un ataque de tipo cross-site scripting, lo que puede permitir a un atacante enviar código JavaScript malicioso a un usuario despr... • https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13554
https://notcve.org/view.php?id=CVE-2020-13554
03 Mar 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En webvrpcs... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13555
https://notcve.org/view.php?id=CVE-2020-13555
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En COM Server Application Privilege Escal... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13553
https://notcve.org/view.php?id=CVE-2020-13553
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En Run Key ... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13551
https://notcve.org/view.php?id=CVE-2020-13551
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1. En la escalada de privilegios a través... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13552
https://notcve.org/view.php?id=CVE-2020-13552
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Se presenta una vulnerabilidad de elevación de privilegios local explotable en los permisos del sistema de archivos de la instalación de Advantech WebAccess/SCADA versión 9.0.1.&... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •