- #CITECT HISTORIAN WEBCLIENT 4.5 SOFTWARE#
- #CITECT HISTORIAN WEBCLIENT 4.5 CODE#
- #CITECT HISTORIAN WEBCLIENT 4.5 PASSWORD#
A Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all versions), EcoStruxure Geo SCADA Expert 2019 (all versions), and EcoStruxure Geo SCADA Expert 2020 (V83.7742.1 and prior), which could reveal account credentials when server database files are available. Exposure of these files to an attacker can make the system vulnerable to password decryption attacks.
WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). An unauthenticated attacker with web access is able to extract critical information from the system. An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage. Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system.
If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. Due to improper sanitization, iPack SCADA Automation software suffers from a remote SQL injection vulnerability.
is vulnerable to a control bypass and path traversal.