[Control System] Advantech WebAccess security update

Number: AV18-085
Date: 17 May 2018

Purpose

Advantech WebAccess Security Update

Assessment

Advantech has released updates to address eight vulnerabilities, including, but not limited to, SQL injection, improper authorization, and path traversal in the WebAccess products.
Exploitation of these vulnerabilities may allow a remote unauthenticated user to disclose sensitive information from the host, execute arbitrary code, or delete files.

Affected Versions:

  • WebAccess versions V8.2_20170817 and prior
  • WebAccess versions V8.3.0 and prior
  • WebAccess Dashboard versions V.2.0.15 and prior
  • WebAccess Scada Node versions prior to 8.3.1
  • WebAccess/NMS 2.0.3 and prior

Suggested Action

CCIRC recommends that owners/operators test and deploy the vendor-released update.
