Advantech Clears WebAccess Vulnerability
Wednesday, February 15, 2017 @ 11:02 AM gHale
Taiwan-based Advantech released a new version to fix a DLL Hijacking vulnerability in its WebAccess product, according to a report with ICS-CERT.
Advantech WebAccess Versions 8.1 and prior suffer from the issue, discovered Li MingZheng Kuangn, who then tested the patch.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the system.
The DLL hijacking vulnerability could allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
CVE-2017-5175 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.1.
An attacker with low skill level would be able to exploit this vulnerability. The WebAccess product sees use mainly in the critical manufacturing sector. The product sees action in Taiwan, the United States and Europe.
Advantech released a new version of WebAccess to address the reported vulnerability. Click here to download WebAccess Version 8.2.
Leave a Reply
You must be logged in to post a comment.