First published: Tue Aug 10 2021(Updated: )
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Advantech Webaccess\/scada | <8.4.5 | |
Advantech Webaccess\/scada | >=9.0<9.0.1 | |
Advantech WebAccess/SCADA versions prior to 8.4.5 | ||
Advantech WebAccess/SCADA versions prior to 9.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.