Cisco Talos recently discovered two vulnerabilities in the Advantech WebAccess/SCADA software package. An adversary could exploit each of these vulnerabilities to disclose sensitive information and elevate their privileges on the targeted system. This software package allows users to perform data visualization and supervisory controls over internet-of-things and operational technology devices. The vulnerabilities were discovered by Yuri Kramarz, who discovered the vulnerability. In accordance with our coordinated disclosure policy, Cisco is disclosing these vulnerabilities despite Adantech not confirming a fix.”]
Source: https://blog.talosintelligence.com/2021/02/advantech-web-access-scada.html

