CISA has published an advisory on path traversal, missing authorization, improper restriction of XML external entity reference, and SQL injection vulnerabilities in Advantech WISE-PaaS/RMM. Versions 3.3.29 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability. Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
Thank you to everyone who helped make H2OSecCon Spring 2024 happen! As noted during the event, WaterISAC intends to conduct another H2OSecCon this year, so stay tuned for updates!