Security News > 2018 > September > Advantech WebAccess RCE flaw still exploitable, exploit code available
2018-09-11 11:00
A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, allows attackers to remotely executed commands with administrator privileges on vulnerable systems. The flaw (CVE-2017-16720) was supposed to be and was purportedly patched, but Tenable researchers claim otherwise. And what’s even worse, an exploit for it that works out-of-the-box has been available online for nearly six months. About CVE-2017-16720 In January 2018, Advantech … More → The post Advantech WebAccess RCE flaw still exploitable, exploit code available appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/5kL-Qb9gx90/
Related news
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-05 | CVE-2017-16720 | Path Traversal vulnerability in Advantech Webaccess A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. | 10.0 |