Today the DHS ICS-CERT published an alert for a cross-site
scripting vulnerability in the Advantech WebAccess product [added product name 1-10-13, 06:45 EST] reported by Antu
Sanadi of SecPod Technologies (this link was not provided in the alert) in
an uncoordinated disclosure. There may have been an attempt at a disclosure
here as the alert describes the report as being released “without successful
coordination of the vendor”, but there is nothing on the SecPod site that
indicates a coordinated disclosure had been attempted.

The alert notes that the vulnerability is remotely
exploitable and could lead to the execution of arbitrary code, the bypass of
protection mechanisms and the reading of application data. Proof of concept
code is available on the SecPod site.