Severity
Medium
Analysis Summary
CVE-2021-38431
An authenticated user can use API functions to disclose project names and paths from other users.
Impact
- Unauthorized Access
Affected Vendors
- Advantech
Affected Products
- WebAccess/SCADA: Versions 9.0.3 and prior
Remediation
Refer to CERT-ICS Advisory for the patch, upgrade, or suggested workaround information.