DHS warns of another dangerous flaw in Advantech WebAccess SCADA software

23 October 2018

The US DHS Industrial Control Systems CERT (ICS-CERT) has warned organizations using Advantech’s ICS products to install an update that kills a remotely exploitable flaw in its WebAccess software. WebAccess is the Taiwanese company’s browser-based SCADA software for monitoring remote field devices. It’s known among security researchers as a type of SCADA Human Machine Interface (HMI) system and has been the focus of security research in part because of its use of Microsoft’s implementation of distributed computing protocol, Remote Procedure Call (RPC). A researcher at Trend Micro discovered multiple vulnerabilities in WebAccess, the worst of which is a stack-based bugger overflow, tracked as CVE-2018-14816, that has a CVSS version 3 score of 9.8 out of a possible 10.

Read full news article on CSO

Date:

23 October 2018

Categorie(s):

NEWS

Tag(s):

Advantech, DHS, SCADA

With its new iPad, Apple’s Empire strikes back6 May 2024
Malware campaign attempts abuse of defender binaries6 May 2024
Microsoft unveils new security features for SOC teams to combat insider threats6 May 2024
BigID launches new hybrid scanning technology for enhance cloud data management6 May 2024
At RSA, Cisco launches bolsters in Security Cloud, built on Hypershield and Splunk6 May 2024