Advantech WebAccess HMI/SCADA Persistent Cross-Site Scripting Vulnerability

SecPod Research Team member Antu Sanadi has found a persistent cross-site scripting vulnerability in Advantech WebAccess HMI/SCADA. The vulnerability is caused by improper validation of the ‘ProjDesc’ parameter in ‘broadWeb/include/gAddNew.asp’ (when tableName=pProject is set). This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
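The store-then-render flaw class described above, modeled in Python as an added example; it is not SecPod's or Advantech's code (the affected page is classic ASP, where `Server.HTMLEncode` plays the role of `html.escape`). `ProjectStore`, the length limit, the render functions and the sample value are assumptions constructed for illustration.

```python
import html
import re

MAX_DESC_LEN = 256  # assumed limit; the real field size is not given on the page
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")

# Constructed sample value; not taken from the advisory.
SAMPLE = '"><script>marker()</script>'


class ProjectStore:
    """Hypothetical stand-in for the table written when tableName=pProject."""

    def __init__(self):
        self.rows = {}

    def add(self, name, proj_desc):
        # Input validation bounds the value but cannot ban '<' or '"' from a
        # free-text description, so it is not sufficient on its own.
        if len(proj_desc) > MAX_DESC_LEN or _CONTROL.search(proj_desc):
            raise ValueError("ProjDesc rejected")
        self.rows[name] = proj_desc  # stored as data, unmodified


def render_unsafe(store, name):
    # The flaw: the stored value is concatenated into markup verbatim,
    # so it is served to every later viewer of the project list.
    return "<td>" + store.rows[name] + "</td>"


def render_safe(store, name):
    # The fix: encode at output time for the HTML element context.
    return "<td>" + html.escape(store.rows[name], quote=True) + "</td>"


def render_safe_attr(store, name):
    # Same value in an attribute context; quote=True also encodes " and '.
    value = html.escape(store.rows[name], quote=True)
    return '<input name="ProjDesc" value="' + value + '">'


def survives_raw(rendered, value):
    # Regression check: True if markup in the stored value reaches the page unencoded.
    return any(c in value for c in "<>\"'") and value in rendered


if __name__ == "__main__":
    store = ProjectStore()
    store.add("demo", SAMPLE)  # passes validation: length and charset are fine
    print(survives_raw(render_unsafe(store, "demo"), SAMPLE))
    print(survives_raw(render_safe(store, "demo"), SAMPLE))
```

The sample value passes the input checks, which is why the encoding has to happen where the stored field is written back into the page.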

More information can be found here.

We welcome any feedback or suggestions.

Cheers!
SecPod Research Team

3 Comments

I want to learn Hmi