Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities

high Nessus Plugin ID 85692


The remote host is affected by multiple vulnerabilities.


The version of Advantech WebAccess running on the remote host is prior to version 7.0-2011.12.20. It is, therefore, affected multiple vulnerabilities :

- A cross-site scripting vulnerability exist due to improper validation of unspecified input. A remote attacker, using a specially crafted request, can exploit this to execute arbitrary script code in the browser in the context of the user's session.

- A SQL injection vulnerability exists due to unspecified input not being properly sanitized before processing SQL queries. A remote attacker can exploit this to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data.


Upgrade to Advantech WebAccess version 7.0-2011.12.20 or higher.

See Also

Plugin Details

Severity: High

ID: 85692

File Name: scada_advantech_webaccess_7_0_2011_12_20.nbin

Version: 1.111

Type: remote

Family: SCADA

Published: 8/28/2015

Updated: 7/17/2023

Risk Information


Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 12/20/2011

Vulnerability Publication Date: 12/20/2011