VYPR

Webaccess/SCADA

by Webace

CVEs (9)

  • CVE-2019-10993CriJun 28, 2019
    risk 0.65cvss 9.8epss 0.11

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.

  • CVE-2021-32943CriAug 10, 2021
    risk 0.64cvss 9.8epss 0.02

    The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).

  • CVE-2019-10991CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.09

    In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

  • CVE-2019-10989CriJun 28, 2019
    risk 0.64cvss 9.8epss 0.09

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability…

  • CVE-2019-10985CriJun 28, 2019
    risk 0.59cvss 9.1epss 0.03

    In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator.

  • CVE-2019-10987HigJun 28, 2019
    risk 0.58cvss 8.8epss 0.06

    In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.

  • CVE-2020-25161HigFeb 23, 2021
    risk 0.57cvss 8.8epss 0.02

    The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.

  • CVE-2019-10983HigJun 28, 2019
    risk 0.49cvss 7.5epss 0.02

    In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information.

  • CVE-2021-22676MedAug 10, 2021
    risk 0.40cvss 6.1epss 0.01

    UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the…