Advantech DiagAnywhere Server (ICSA-19-346-01) – Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a stack-based buffer overflow vulnerability in Advantech DiagAnywhere Server. Versions 3.07.11 and prior are affected. Successful exploitation of this vulnerability may allow remote code execution. Advantech has phased out DiagAnywhere Server Version 3.07.11 and removed it from its website. It has released Version 3.07.14 of DiagAnywhere Server to address the reported vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.