CVE Vulnerabilities

CVE-2018-10591

Origin Validation Error

Published: May 15, 2018 | Modified: Nov 21, 2024
CVSS 3.x
6.1
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users.

Weakness

The product does not properly verify that the source of data or communication is valid.

Affected Software

Name Vendor Start Version End Version
Webaccess Advantech * 8.2_20170817 (including)

References