PT-2021-22124 · Advantech · Advantech Webaccess/Scada

Peter Cheng · Published 2021-10-15 · Updated 2021-10-20 · CVE-2021-38431

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Advantech WebAccess SCADA versions 9.0.3 and prior

Description

The issue allows an authenticated user to disclose project names and paths from other users using API functions.

Recommendations

For Advantech WebAccess SCADA versions 9.0.3 and prior, consider restricting access to API functions until a patch is available. As a temporary workaround, limit the use of API functions that can disclose project names and paths to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2021-38431

Affected Products

Advantech Webaccess/Scada