CVE-2021-38431

MEDIUM

Advantech WebAccess SCADA <9.0.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-285-01

Scores

CVSS v3 4.3
EPSS 0.0013
EPSS Percentile 32.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-862
Status published
Products (1)
advantech/webaccess_scada < 9.0.3
Published Oct 15, 2021
Tracked Since Feb 18, 2026