Advantech: >> Webaccess/scada >> 8.2 Security Vulnerabilities
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-03-18
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-02-23
A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-01-25
A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device.
CVSS Score
5.3
EPSS Score
0.011
Published
2018-01-25
Page 2