SecPod Research Team member (Antu Sanadi) has found Persistence Cross-Site Scripting Vulnerability in Advantech WebAccess HMI/SCADA. The vulnerability is caused by improper validation ‘ProjDesc’ parameter in ‘broadWeb/include/gAddNew.asp’ (when tableName=pProject set). This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
More information can be found here.
Welcome any feedback or suggestion.
Cheers!
SecPod Research Team
[…] Sanadi SecPod Technologies (www.secpod.com)# Vendor : http://webaccess.advantech.com/# Advisory : https://www.secpod.com/blog/?p=569# http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_…# Software : Advantech […]
[…] Sanadi SecPod Technologies (www.secpod.com)# Vendor : http://webaccess.advantech.com/# Advisory : https://www.secpod.com/blog/?p=569# http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_…# Software : Advantech […]
I want to learn Hmi