Sign-up

ID

VAR-202008-1269


TITLE

Advantech (China) Co., Ltd. WebAccess SCADA has an arbitrary file deletion vulnerability

Trust: 0.6

sources: CNVD: CNVD-2020-41340

DESCRIPTION

Advantech WebAccess SCADA is a browser-based SCADA software package for supervisory control, data acquisition and visualization. It is used to automatically execute complex industrial processes in the case of remote operation. Advantech (China) Co., Ltd. WebAccess SCADA has an arbitrary file deletion vulnerability. Attackers can use this vulnerability to delete arbitrary files.

Trust: 0.6

sources: CNVD: CNVD-2020-41340

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-41340

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess scadascope:eqversion:v9.0.0

Trust: 0.6

sources: CNVD: CNVD-2020-41340

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-41340
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2020-41340
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-41340

PATCH

title:Advantech WebAccess SCADA drawsrv.dll file has arbitrary file deletion vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/222197

Trust: 0.6

sources: CNVD: CNVD-2020-41340

EXTERNAL IDS

db:CNVDid:CNVD-2020-41340

Trust: 0.6

sources: CNVD: CNVD-2020-41340

SOURCES

db:CNVDid:CNVD-2020-41340

LAST UPDATE DATE

2022-05-04T10:07:26.314000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-41340date:2020-07-23T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-41340date:2020-08-01T00:00:00