You are here

Advantech WebAccess (ICSA-18-296-01) – Products Used in the Water and Wastewater and Energy Sectors

Advantech WebAccess (ICSA-18-296-01) – Products Used in the Water and Wastewater and Energy Sectors

Created: Tuesday, October 23, 2018 - 14:11
Categories:
Cybersecurity

The NCCIC has released an advisory on stack-based buffer overflow, external control of file name or path, improper privilege management, and path traversal vulnerabilities in Advantech WebAccess. Versions 8.3.1 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access files and perform actions at a privileged level, or delete files on the system. Advantech has released Version 8.3.3 of WebAccess to address the reported vulnerabilities. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.