

Rewterz Threat Advisory – ICS: Delta Industrial Automation Security Zero-Day Vulnerabilities
August 9, 2021
Rewterz Threat Advisory – ICS: Siemens Automation License Manager Vulnerability
August 10, 2021
Severity
High
Analysis Summary
CVE-2021-22676
UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could allow an attacker to send malicious JavaScript code. This could result in hijacking of cookie/session tokens, redirection to a malicious webpage, and unintended browser action.
CVE-2021-22674
The affected product is vulnerable to a relative path traversal condition, which may allow an attacker access to unauthorized files and directories.
CVE-2021-32943
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
Impact
- Code Execution
- Unauthorized Access
- Information Theft
Affected Vendors
Advantech
Affected Products
- WebAccess/SCADA versions prior to 8.4.5
- WebAccess/SCADA versions prior to 9.0.1
Remediation
Upgrade to the latest version of WebAccess/SCADA (9.0.1 or later), and refer to the vendor website for more information on affected products, patches, and upgrades.