CVE-2021-27436

6.1MEDIUM

Key Information

Vendor: Advantech
Status: Advantech Webaccess/scada
Vendor: CVE Published:; 18 March 2021

Summary

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions.

Affected Version(s)

Advantech WebAccess/SCADA = Versions 9.0 and prior

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Mar 18, 2021
Vulnerability Reserved.
Feb 19, 2021

Collectors

NVD DatabaseMitre Database