Security News > 2018 > September > Advantech WebAccess RCE flaw still exploitable, exploit code available
2018-09-11 11:00
A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, allows attackers to remotely executed commands with administrator privileges on vulnerable systems. The flaw (CVE-2017-16720) was supposed to be and was purportedly patched, but Tenable researchers claim otherwise. And what’s even worse, an exploit for it that works out-of-the-box has been available online for nearly six months. About CVE-2017-16720 In January 2018, Advantech … More → The post Advantech WebAccess RCE flaw still exploitable, exploit code available appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/5kL-Qb9gx90/
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- PoC exploit for SysAid pre-auth RCE released, upgrade quickly! (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-05 | CVE-2017-16720 | Path Traversal vulnerability in Advantech Webaccess A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. | 9.8 |