Advantech has released a new version to mitigate an improper input validation vulnerability in its WebAccess/SCADA, according to a report from NCCIC.
Successful exploitation of this vulnerability could cause a stack buffer overflow condition.
A SCADA software platform, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1, suffers from the remotely exploitable vulnerability, discovered by Jacob Baines of Tenable Network Security.
Lack of proper validation of user-supplied input may allow an attacker to cause the overflow of a buffer on the stack.
CVE-2018-18999 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.
The product sees use in the critical manufacturing, energy, and water and wastewater systems sectors.
The product is used in East Asia, the United States, and Europe.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Taiwan-based Advantech has released Version 8.3.4 of WebAccess/SCADA to address the reported vulnerability. Users can download the latest version of WebAccess/SCADA (registration required).