Description
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01
Third Party AdvisoryUS Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01
Third Party AdvisoryUS Government Resource
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2021-10-15T13:15:07.533Z
4 years agoLast modified
2026-06-17T04:02:05.170Z
3 weeks ago