Vulnerability Details CVE-2021-22669
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2021-22669
-
cpe:2.3:a:advantech:webaccess/scada:-
-
cpe:2.3:a:advantech:webaccess/scada:7.2
-
cpe:2.3:a:advantech:webaccess/scada:8.0
-
cpe:2.3:a:advantech:webaccess/scada:8.1
-
cpe:2.3:a:advantech:webaccess/scada:8.2
-
cpe:2.3:a:advantech:webaccess/scada:8.2_20170817
-
cpe:2.3:a:advantech:webaccess/scada:8.3
-
cpe:2.3:a:advantech:webaccess/scada:8.3.2
-
cpe:2.3:a:advantech:webaccess/scada:8.4.5
-
cpe:2.3:a:advantech:webaccess/scada:9.0
-
cpe:2.3:a:advantech:webaccess/scada:9.0.1