Release date:
Updated on: 2013-01-10
Affected Systems:
Advantech WebAccess HMI/SCADA 7.0-2012.12.05
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57178
WebAccess HMI/SCADA software provides remote control and management, allowing you to easily view and configure automation devices in the facility management system, power station and building automation system.
Advantech WebAccess HMI/SCADA 7.0-2012.12.05 and other versions have the HTML injection vulnerability, which can cause attackers to execute HTML or JS code in the context of the affected site.
<* Source: Antu Sanadi
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Advantech
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://webaccess.advantech.com/product.php