CVE-2021-38431 is a vulnerability in Advantech Webaccess Scada
Published on October 15, 2021

Advantech WebAccess SCADA
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

NVD

Vulnerability Analysis

CVE-2021-38431 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2021-38431 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2021-38431

Want to know whenever a new CVE is published for Advantech Webaccess Scada? stack.watch will email you.

Advantech Webaccess Scada

Affected Versions

Advantech WebAccess SCADA:

Version All, <= 9.0.3 is affected.

Exploit Probability

EPSS

0.10%

Percentile

27.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-38431 is a vulnerability in Advantech Webaccess ScadaPublished on October 15, 2021

Vulnerability Analysis

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2021-38431

Affected Versions

Exploit Probability

CVE-2021-38431 is a vulnerability in Advantech Webaccess Scada
Published on October 15, 2021