Advantech WebAccess Remote Code Execution Vulnerability (CVE-2014-2365)
Release date:
Updated on:
Affected Systems:
Advantech WebAccess HMI/SCADA <7.2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68718
CVE (CAN) ID: CVE-2014-2365
WebAccess HMI/SCADA software provides remote control and management, allowing you to easily view and configure automation devices in the facility management system, power station and building automation system.
A remote code execution vulnerability exists in versions earlier than Advantech WebAccess 7.2. authenticated remote users can exploit this vulnerability to execute arbitrary code in the context of the affected application.
<* Source: Dave Weinstein
Tom Gallagher
John Leitch
Link: http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Advantech
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://webaccess.advantech.com/product.php
This article permanently updates the link address: