By Eduard Kovacs on January 13, 2017
Advantech has patched a couple of serious vulnerabilities in WebAccess, a web-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems.
The flaws, discovered by Tenable Network Security researchers and reported to the vendor via Trend Micro’s Zero Day Initiative (ZDI), allow a remote attacker to gain access to potentially sensitive information.
The vulnerabilities are tracked as CVE-2017-5154 and CVE-2017-5152, and they have been described as SQL injection and authentication bypass issues. ICS-CERT has assigned CVSS scores of 9.8 and 9.1, respectively, which puts them in the critical severity category.
Full Article
Advantech WebAccess Flaws Allow Access to Sensitive Data
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.