MILLIONS OF SCADA DEVICES AFFECTED BY ADVANTECH VULNERABILITIES

Cybersecurity specialists have published a report on multiple security vulnerabilities in Advantech products affecting millions of SCADA devices. Successful exploitation of these flaws would allow a threat actor to execute code remotely, upload files, delete files, cause denial-of-service conditions, and create an administrator account for the application.
Below is a brief overview of each of the vulnerabilities found during the investigation, alongside its CVSS score.
CVE-2020-10621: Unrestricted upload of a file with dangerous type (CWE-434). Multiple issues allow files to be uploaded to and executed on the system. The vulnerability received a score of 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale.
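The mitigation for a CWE-434 weakness is to accept only what the application actually needs and to verify that claim before storing anything. The validator below is an added example for this article, not Advantech's code; the extension allowlist, size cap and magic-byte table are assumptions chosen for the illustration.

```python
"""Added example (not Advantech's code): a defensive upload validator for
CWE-434, unrestricted upload of a file with dangerous type. The allowlist,
size limit and magic-byte table are assumptions for this illustration."""
import os
import posixpath

# Only the types the application needs (assumed set for this example).
ALLOWED_EXTENSIONS = {".png", ".pdf", ".csv"}

# Minimal content-sniffing table (assumed): extension -> required leading bytes.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}

MAX_SIZE = 5 * 1024 * 1024  # 5 MiB cap (assumed)


def validate_upload(filename, content):
    """Return (accepted, reason). Anything not explicitly allowed is rejected."""
    if not filename or "\x00" in filename:
        return False, "empty or NUL-containing filename"
    # Normalise Windows separators, then require a bare base name: this
    # rejects directory components and '..' from either client OS.
    base = posixpath.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or base != filename:
        return False, "path components not allowed"
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    if not root:
        return False, "missing file name"
    if "." in root:
        # Conservative choice: refuse double extensions such as name.php.png,
        # which some servers map to the inner extension's handler.
        return False, "multiple extensions not allowed"
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not on allowlist: %r" % ext
    if len(content) == 0:
        return False, "empty file"
    if len(content) > MAX_SIZE:
        return False, "file too large"
    expected = MAGIC.get(ext)
    if expected is not None and not content.startswith(expected):
        return False, "content does not match declared type"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    print(validate_upload("diagram.png", MAGIC[".png"] + b"\x00" * 8))
    print(validate_upload("update.php", b"<?php echo 1; ?>"))
    print(validate_upload("../../etc/passwd", b"x"))
    print(validate_upload("report.png", b"<?php echo 1; ?>"))
```

Whatever passes the validator should still be written under a server-generated name in a directory the web server does not execute from; the name the client supplied is only ever used for display.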
CVE-2020-106173: Improper neutralization of special elements used in an SQL command (SQL injection). There are multiple ways an unauthenticated attacker could perform a SQL injection to access sensitive information. This flaw received a CVSS score of 7.5/10.
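The pattern behind an unauthenticated SQL injection is a query assembled from untrusted input by string concatenation, and the fix is to hand the value to the driver as a parameter. The following is an added example written for this article against an in-memory SQLite table, not Advantech's code; the schema, rows and function names are constructed for the illustration.

```python
"""Added example (not Advantech's code): a CWE-89 lookup beside its
parameterized fix, against a constructed in-memory SQLite table."""
import sqlite3


def make_db():
    """Build a small device table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE devices (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO devices (name, secret) VALUES (?, ?)",
        [("plc-01", "token-a"), ("plc-02", "token-b"), ("hmi-07", "token-c")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Splices the caller's input into the statement text (CWE-89)."""
    sql = "SELECT name FROM devices WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Sends the value separately as a bound parameter, so it can only ever
    be compared as data and never changes the statement's structure."""
    sql = "SELECT name FROM devices WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    conn = make_db()
    ordinary = "plc-01"
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("vulnerable, ordinary:", lookup_vulnerable(conn, ordinary))
    print("vulnerable, crafted: ", lookup_vulnerable(conn, crafted))
    print("safe, ordinary:      ", lookup_safe(conn, ordinary))
    print("safe, crafted:       ", lookup_safe(conn, crafted))
```

With the same quote-bearing input, the concatenated query returns every row in the table while the parameterized one returns none, which is exactly the difference between the advisory's "access sensitive information" outcome and a harmless empty result.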