Industrial automation firm Advantech addressed several serious vulnerabilities in its WebAccess SCADA .

WebAccess is a browser-based software package for human-machine interfaces (HMI) and SCADA systems developed by Advantech.

The vulnerabilities affect WebAccess/SCADA Versions 8.3. and prior.

The software is widely adopted in many sectors worldwide, such as critical manufacturing, energy, and water and wastewater.

The vulnerabilities were reported to NCCIC by researchers Mat Powell and Natnael Samson (@NattiSamson) through Trend Micro’s Zero Day Initiative (ZDI).

The WebAccess is affected by three types of vulnerabilities, including two critical remote code execution flaws and one “high severity” denial-of-service (DoS) issue.

Advantech webaccess 1  - Advantech webaccess 1 - Advantech fixed code execution and DoS flaws in WebAccess softwareSecurity Affairs

Below the flaws reported by the US ICS-CERT:

The vulnerabilities were reported to the vendor in January that addressed them with the release of version 8.4.0 of WebAccess.

Pierluigi Paganini

(SecurityAffairs – Advantech, WebAccess)







Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here