CVE-2021-38431

Summary

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

Affected Software

VendorProductVersion RangeStatus
AdvantechWebAccess SCADAAll <= 9.0.3affected

Weaknesses

  • CWE-862: MISSING AUTHORIZATION CWE-862

ADP Enrichment

CVE Program Container

Additional References

References