CVE-2021-38431: Advantech WebAccess SCADA
First published: Fri Oct 15 2021(Updated: )
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advantech WebAccess SCADA | <=9.0.3 | |
| Advantech WebAccess/SCADA | <=9.0.3 |
Remedy
Advantech recommends users upgrade to v9.1.1 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38431 vulnerability?
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can utilize API functions to reveal project names and paths from other users.
How severe is CVE-2021-38431?
The severity of CVE-2021-38431 is considered medium with a CVSS score of 4.3.
How can I mitigate CVE-2021-38431?
To mitigate CVE-2021-38431, users should update Advantech WebAccess SCADA to version 9.0.4 or later.
What is the CWE associated with CVE-2021-38431?
The CWE associated with CVE-2021-38431 is CWE-862.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/softwarecombine
- agent/title
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- vendor/advantech
- canonical/advantech webaccess scada
- version/advantech webaccess scada/9.0.3
- canonical/advantech webaccess/scada
- version/advantech webaccess/scada/9.0.3