Number: AV18-085
Date: 17 May 2018
Purpose
Advantech WebAccess Security Update
Assessment
Advantech has released updates to address eight vulnerabilities, including but not limited to, SQL injection, improper authorization , and path traversal in the WebAccess products.
Exploitation of these vulnerabilities may allow a remote unauthenticated user to disclose sensitive information from the host, execute arbitrary code, or delete files.
Affected Versions:
- WebAccess versions V8.2_20170817 and prior
- WebAccess versions V8.3.0 and prior
- WebAccess Dashboard versions V.2.0.15 and prior
- WebAccess Scada Node versions prior to 8.3.1
- WebAccess/NMS 2.0.3 and prior
Suggested Action
CCIRC recommends that owners/operators test and deploy the vendor released update.
References: