// For flags

CVE-2021-27436

 

Severity Score

6.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.

WebAccess/SCADA versiones 9.0 y anteriores, son vulnerables a un ataque de tipo cross-site scripting, lo que puede permitir a un atacante enviar código JavaScript malicioso a un usuario desprevenido, lo que podría resultar en el secuestro de las cookies y tokens de sesión del usuario, redireccionando al usuario a una página web maliciosa. y llevar a cabo acciones no deseadas del navegador

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-02-19 CVE Reserved
  • 2021-03-18 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL Tag Source
https://us-cert.cisa.gov/ics/advisories/icsa-21-075-01 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Advantech
Search vendor "Advantech"
 Webaccess\/scada
Search vendor "Advantech" for product "Webaccess\/scada"
 <= 9.0
Search vendor "Advantech" for product "Webaccess\/scada" and version " <= 9.0"
-
Affected