Sign-up

ID

VAR-202008-1268


TITLE

Advantech (China) Co., Ltd. WebAccess SCADA has file upload vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-41339

DESCRIPTION

Advantech WebAccess/SCADA is a browser-based SCADA software package for supervisory control, data acquisition and visualization. It is used to automatically execute complex industrial processes in the case of remote operation. Advantech (China) Co., Ltd. WebAccess SCADA has a file upload vulnerability. Attackers can use the vulnerability to gain system control permissions.

Trust: 0.6

sources: CNVD: CNVD-2020-41339

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41339

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess scadascope:eqversion:v9.0.0

Trust: 0.6

sources: CNVD: CNVD-2020-41339

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-41339
value: HIGH

Trust: 0.6

CNVD: CNVD-2020-41339
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-41339

PATCH

title:Advantech WebAccess SCADA drawsrv.dll has a file upload vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/222193

Trust: 0.6

sources: CNVD: CNVD-2020-41339

EXTERNAL IDS

db:CNVDid:CNVD-2020-41339

Trust: 0.6

sources: CNVD: CNVD-2020-41339

SOURCES

db:CNVDid:CNVD-2020-41339

LAST UPDATE DATE

2022-05-04T09:08:59.438000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-41339date:2020-07-23T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-41339date:2020-08-01T00:00:00