A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, allows attackers to remotely executed commands with administrator privileges on vulnerable systems. The flaw (CVE-2017-16720) was supposed to be and was purportedly patched, but Tenable researchers claim otherwise.
Read full news article on Help Net Security