ICSA-20-098-01 · Published 2020-04-07 · View on CISA ICS-CERT ↗

Advantech WebAccess/NMS

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker to gain remote code execution, upload files, delete files, cause a denial-of-service condition, and create an admin account for the application.

CVEs (8)

CVE-2020-10621 CVE-2020-10617 CVE-2020-10623 CVE-2020-10619 CVE-2020-10631 CVE-2020-10625 CVE-2020-10629 CVE-2020-10603

Remediations

Advantech recommends updating to Version 3.0.2

Affected Vendors

Advantech

Affected Products (1)

Advantech · WebAccess/NMS < 3.0.2

Affected Sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more