WebAccess/SCADA
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-6523 | Cri | 0.64 | 9.8 | 0.02 | Feb 5, 2019 | WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands. | ||
| CVE-2019-6519 | Cri | 0.64 | 9.8 | 0.03 | Feb 5, 2019 | WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data. | ||
| CVE-2021-22669 | Hig | 0.57 | 8.8 | 0.01 | Apr 26, 2021 | Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges… | ||
| CVE-2019-6521 | Hig | 0.56 | 8.6 | 0.02 | Feb 5, 2019 | WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information. | ||
| CVE-2018-18999 | Hig | 0.48 | 7.3 | 0.02 | Dec 19, 2018 | WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack. | ||
| CVE-2021-22674 | Med | 0.42 | 6.5 | 0.01 | Aug 10, 2021 | The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | ||
| CVE-2021-27436 | Med | 0.40 | 6.1 | 0.01 | Mar 18, 2021 | WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage… |
- risk 0.64cvss 9.8epss 0.02
WebAccess/SCADA, Version 8.3. The software does not properly sanitize its inputs for SQL commands.
- risk 0.64cvss 9.8epss 0.03
WebAccess/SCADA, Version 8.3. An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
- risk 0.57cvss 8.8epss 0.01
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges…
- risk 0.56cvss 8.6epss 0.02
WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
- risk 0.48cvss 7.3epss 0.02
WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.
- risk 0.42cvss 6.5epss 0.01
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
- risk 0.40cvss 6.1epss 0.01
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage…