Advantech Fixes WebAccess Hole

Thursday, May 4, 2017 @ 02:05 PM gHale

Advantech produced a new version to mitigate an absolute path traversal vulnerability in its WebAccess product, according to a report with ICS-CERT.

WebAccess Version 8.1 and prior suffer from the remotely exploitable vulnerability, discovered Zhou Yu working with Trend Micro’s Zero Day Initiative. Zhou Yu tested the new software and validated that it mitigates the vulnerability.

Rockwell Mitigates Issues with PACs
Advantech B+B SmartWorx Gateway Hole
CyberVision IoT Platform Vulnerability
Wonderware Clears Historian Client Hole

Successful exploitation of this vulnerability could allow the attacker to traverse the file system and gain access to files or directories, which could result in the device becoming unavailable.

No known public exploits specifically target this vulnerability. An attacker with a low skill level could leverage the vulnerability.

The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.

CVE-2017-7929 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.1.

The product sees use in the critical manufacturing sector. It sees use mainly in Taiwan, the United States and Europe.

Taiwan-based Advantech has produced WebAccess Version 8.2_20170330 to mitigate this vulnerability. Click here to download the new version.

Leave a Reply

You must be logged in to post a comment.