Advantech WebAccess/SCADA (ICSA-19-024-01) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on path traversal and improper authentication, authentication bypass, and SQL injection vulnerabilities in Advantech WebAccess/SCADA. Version 8.3 is affected. Successful exploitation of these vulnerabilities may allow an attacker to access and manipulate sensitive data. Advantech has released Version 8.3.5 of WebAccess/SCADA to address the reported vulnerabilities. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.