ICSA-18-135-01 · Published 2018-05-15 · View on CISA ICS-CERT ↗

Advantech WebAccess

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the host and/or target, execute arbitrary code, or delete files.

CVEs (11)

CVE-2018-7501 CVE-2018-10590 CVE-2018-7505 CVE-2018-7503 CVE-2018-10589 CVE-2018-7499 CVE-2018-8845 CVE-2018-7497 CVE-2018-7495 CVE-2018-10591 CVE-2018-8841

Remediations

Advantech has released Version 8.3.1 of WebAccess to address the reported vulnerabilities.

Affected Vendors

Advantech

Affected Products (5)

Advantech · WebAccess <= 8.3.0

Advantech · WebAccess/NMS <= 2.0.3

Advantech · WebAccess Dashboard <=2.0.15

Advantech · WebAccess <= 8.2_20170817

Advantech · WebAccess Scada Node < 8.3.1

Affected Sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more