17 May 2018
Multiple vulnerabilities closed in Advantech WebAccess
Multiple serious vulnerabilities have been closed in Advantech’s WebAccess SCADA/HMI solution. Their exploitation could lead to sensitive information disclosure, arbitrary code execution and file deletion. The vulnerabilities can be exploited remotely by an attacker without high-level skills.
The vulnerabilities affect the following product versions:
- WebAccess versions V8.2_20170817 and earlier;
- WebAccess versions V8.3.0 and earlier;
- WebAccess Dashboard versions V.2.0.15 and earlier;
- WebAccess Scada Node versions prior to 8.3.1;
- WebAccess/NMS 2.0.3 and prior.
The vendor has released version 8.3.1, which is not affected by these vulnerabilities.
All in all, the vendor has closed 11 vulnerabilities, the most critical of which (CVSS v.3 base score of 9.8) are path traversal, buffer overflow, improper authorization and untrusted pointer dereference.