Security News > 2018 > September > Advantech WebAccess RCE flaw still exploitable, exploit code available

A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, allows attackers to remotely executed commands with administrator privileges on vulnerable systems. The flaw (CVE-2017-16720) was supposed to be and was purportedly patched, but Tenable researchers claim otherwise. And what’s even worse, an exploit for it that works out-of-the-box has been available online for nearly six months. About CVE-2017-16720 In January 2018, Advantech … More → The post Advantech WebAccess RCE flaw still exploitable, exploit code available appeared first on Help Net Security.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/5kL-Qb9gx90/