VYPR

WebAccess/SCADA

by WebAccess/SCADA

CVEs (7)

  • CVE-2019-6523CriFeb 5, 2019
    risk 0.64cvss 9.8epss 0.02

    WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.

  • CVE-2019-6519CriFeb 5, 2019
    risk 0.64cvss 9.8epss 0.03

    WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.

  • CVE-2021-22669HigApr 26, 2021
    risk 0.57cvss 8.8epss 0.01

    Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges…

  • CVE-2019-6521HigFeb 5, 2019
    risk 0.56cvss 8.6epss 0.02

    WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.

  • CVE-2018-18999HigDec 19, 2018
    risk 0.48cvss 7.3epss 0.02

    WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.

  • CVE-2021-22674MedAug 10, 2021
    risk 0.42cvss 6.5epss 0.01

    The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

  • CVE-2021-27436MedMar 18, 2021
    risk 0.40cvss 6.1epss 0.01

    WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage…