HMI Vulnerabilities Released

Tuesday, September 13, 2011 @ 04:09 PM gHale


There are two vulnerabilities out affecting the Advantech BroadWin WebAccess Client 1.0.0.10, a web browser-based human-machine interface (HMI) product.

The public disclosure indicated these vulnerabilities are remotely exploitable, according to ICS-CERT, which has contacted and is coordinating this information with Advantech to validate and confirm this report.

RELATED STORIES
Holes Found in Siemens WinCC
SCADA Firm Suffers Vulnerabilities
One Flip Means Victims for Hackers
SCADA Security Alert: Mobile Workers

The two disclosed vulnerabilities are a format string vulnerability and a memory corruption vulnerability.

Advantech BroadWin WebAccess is a web-based HMI platform used in energy, manufacturing, and building automation applications. WebAccess has installations in several countries in Asia, North America, North Africa, and the Middle East.

Currently that is all the information that is available as ICS-CERT is continuing the investigation into the vulnerabilities.



Leave a Reply

You must be logged in to post a comment.