PT-2020-15991 · Advantech · Webaccess/Scada

Published

2020-10-19

Updated

2021-02-27

CVE-2020-25161

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WebAccess/SCADA versions 9.0 and prior

Description The WADashboard component of WebAccess/SCADA may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.

Recommendations For versions 9.0 and prior, update to a version later than 9.0 to resolve the issue. As a temporary workaround, consider restricting access to the WADashboard component to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-73CWE-610

Related Identifiers

CVE-2020-25161

ZDI-20-1261

Affected Products

Webaccess/Scada

PT-2020-15991 · Advantech · Webaccess/Scada

CVE-2020-25161

Weakness Enumeration

Related Identifiers

Affected Products

References · 6