Description
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01
Third Party AdvisoryUS Government Resource
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-15T13:15:07.533
3 years agoLast modified
2021-10-20T15:12:45.713
3 years ago