CVE-2021-22669

Summary

Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.

Affected Software

VendorProductVersion RangeStatus
n/aAdvantech WebAccess/SCADAWebAccess/SCADA Versions 9.0.1 and prioraffected

Weaknesses

  • CWE-732: INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732

ADP Enrichment

CVE Program Container

Additional References

References