Late yesterday the DHS ICS-CERT closed out a January
2013 alert for a cross-site scripting vulnerability in Advantech WebAccess
by publishing an advisory outlining the mitigation efforts of Advantech to
address the vulnerability. The original
disclosure was made by Sanadi Antu of SecPod Technologies. ICS-CERT credits
this as an uncoordinated disclosure, but the SecPod Technologies site claims to
have notified Advantech of the vulnerability on December 12, 2012.

ICS-CERT notes that a relatively skilled attacker would be
able to use the publicly available exploit to remotely execute arbitrary HTML
code on the affected systems. The Advantech security page notes that
all versions of WebAccess are vulnerable and that a new patch is available.

BTW: This seems to be the last publicly released
vulnerability reported by SecPod Technologies.