← back
CVE-2021-32951

Advantech WebAccess/NMS Improper Authentication

CVSS 5.3 MEDIUMEPSS 0.9%CWE-287
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Oct 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Advantech · WebAccess/NMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://us-cert.cisa.gov/ics/advisories/icsa-21-229-02