WebAccess is a browser-based software package for human-machine interfaces (HMI) and SCADA systems developed by Advantech.
The vulnerabilities affect WebAccess/SCADA Versions 8.3.5 and prior.
The software is widely adopted in many sectors worldwide, such as critical manufacturing, energy, and water and wastewater.
The vulnerabilities were reported to NCCIC by researchers Mat Powell and Natnael Samson (@NattiSamson) through Trend Micro’s Zero Day Initiative (ZDI).
The WebAccess is affected by three types of vulnerabilities, including two critical remote code execution flaws and one “high severity” denial-of-service (DoS) issue.
Below the flaws reported by the US ICS-CERT:
The vulnerabilities were reported to the vendor in January that addressed them with the release of version 8.4.0 of WebAccess.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.