Wednesday, August 14, 2013

ICS-CERT Closes Advantech Alert

Late yesterday the DHS ICS-CERT closed out a January 2013 alert for a cross-site scripting vulnerability in Advantech WebAccess by publishing an advisory outlining the mitigation efforts of Advantech to address the vulnerability. The original disclosure was made by Sanadi Antu of SecPod Technologies. ICS-CERT credits this as an uncoordinated disclosure but the SecPod Technologies site claims to have notified Advantech of the vulnerability on December 12, 2012.

ICS-CERT notes that a relatively skilled attacker would be able to use the publicly available exploit to remotely execute arbitrary HTML code on the affected systems. The Advantech security page notes that all versions of WebAccess are vulnerable and that a new patch is available.

BTW: This seems to be the last publicly released vulnerability reported by SecPod Technologies.

No comments:

/* Use this with templates/template-twocol.html */