There are two vulnerabilities out affecting the Advantech BroadWin WebAccess Client 188.8.131.52, a web browser-based human-machine interface (HMI) product.
The public disclosure indicated these vulnerabilities are remotely exploitable, according to ICS-CERT, which has contacted and is coordinating this information with Advantech to validate and confirm this report.
The two disclosed vulnerabilities are a format string vulnerability and a memory corruption vulnerability.
Advantech BroadWin WebAccess is a web-based HMI platform used in energy, manufacturing, and building automation applications. WebAccess has installations in several countries in Asia, North America, North Africa, and the Middle East.
Currently that is all the information that is available as ICS-CERT is continuing the investigation into the vulnerabilities.