exploitDog

CVE-2021-22669

Опубликовано: 26 апр. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02
Third Party Advisory
US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:advantech:webaccess\/scada:*:*:*:*:*:*:*:*

Версия до 9.0.1 (включая)

EPSS

Процентиль: 38%

0.00169

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-fx4x-q794-whc6

github

больше 3 лет назад

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.

EPSS

Процентиль: 38%

0.00169

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-732