Advantech WebAccess/SCADA (ICSA-19-178-05) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on Path Traversal, Stack-based Buffer Overflow, Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write, and Untrusted Pointer Dereference vulnerabilities in Advantech WebAccess/SCADA. Versions 8.3.5 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, deletion of files, and remote code execution. Advantech has released Version 8.4.1 of WebAccess/SCADA to address the reported vulnerabilities. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.