Security News > 2018 > September > Advantech WebAccess RCE flaw still exploitable, exploit code available

Advantech WebAccess RCE flaw still exploitable, exploit code available
2018-09-11 11:00

A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, allows attackers to remotely executed commands with administrator privileges on vulnerable systems. The flaw (CVE-2017-16720) was supposed to be and was purportedly patched, but Tenable researchers claim otherwise. And what’s even worse, an exploit for it that works out-of-the-box has been available online for nearly six months. About CVE-2017-16720 In January 2018, Advantech … More → The post Advantech WebAccess RCE flaw still exploitable, exploit code available appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/5kL-Qb9gx90/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2018-01-05 CVE-2017-16720 Path Traversal vulnerability in Advantech Webaccess
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier.
network
low complexity
advantech CWE-22
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Advantech 27 0 60 108 77 245