Your one-stop web resource providing safety and security information to manufacturers

Advantech has a new version to mitigate an improper input validation in its WebAccess/SCADA, according to a report with NCCIC.

Successful exploitation of this vulnerability could cause a stack buffer overflow condition.

RELATED STORIES
ABB Working to Fix Safety Gateway Holes
Medtronic Mitigation Plan for Devices
Schneider Upgrade for Electric GUIcon Hole
Siemens Fixes Input Validation Holes

A SCADA software platform, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1 suffers from the remotely exploitable vulnerability, discovered by Jacob Baines of Tenable Network Security.

Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.

Cyber Security

CVE-2018-18999 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use in the critical manufacturing, energy, and water and wastewater systems sectors.

The product sees action in East Asia, United States, Europe.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Taiwan-based Advantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA (registration required).

Pin It on Pinterest

Share This