The NCCIC has published an advisory on Path Traversal, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, and Untrusted Pointer Dereference vulnerabilities in Advantech WebAccess/SCADA. Versions 8.3.5 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, deletion of files, and remote code execution. Advantech has released Version 8.4.1 of WebAccess/SCADA to address the reported vulnerabilities. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.
Thank you to everyone who helped make H2OSecCon Spring 2024 happen! As noted during the event, WaterISAC intends to conduct another H2OSecCon this year, so stay tuned for updates!