Advantech WebAccess CVE-2018-7497 – Execute arbitrary code

Authors:Trend Micro             Risk:High

CVE:CVE-2018-7497              0day:Execute arbitrary code 

0day -id:0DAY-176190            Date:2018-05-16

Description

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.

MITIGATIONS

Advantech has released Version 8.3.1 of WebAccess to address the reported vulnerabilities. Users can download the latest version of WebAccess at the following location:

http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Leave a Reply