Advantech Clears WebAccess Vulnerability

Wednesday, February 15, 2017 @ 11:02 AM gHale

Taiwan-based Advantech released a new version to fix a DLL Hijacking vulnerability in its WebAccess product, according to a report with ICS-CERT.

Advantech WebAccess Versions 8.1 and prior suffer from the issue, discovered Li MingZheng Kuangn, who then tested the patch.

Geutebrück IP Camera Issue Fix
Siemens Mitigates APOGEE Insight Issue
Rockwell Updates Buffer Overflow Fix
Siemens Clears SIMATIC Logon Hole

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the system.

The DLL hijacking vulnerability could allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.

CVE-2017-5175 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.1.

An attacker with low skill level would be able to exploit this vulnerability. The WebAccess product sees use mainly in the critical manufacturing sector. The product sees action in Taiwan, the United States and Europe.

Advantech released a new version of WebAccess to address the reported vulnerability. Click here to download WebAccess Version 8.2.

Leave a Reply

You must be logged in to post a comment.