Advantech · Advantech WebAccess · CVE-2023-2866
**Name of the Vulnerable Software and Affected Versions**
Advantech WebAccess version 8.4.5
**Description**
The issue is related to insufficient authentication data validation in the software. An attacker could exploit this by tricking an authenticated user into loading a maliciously crafted .zip file, potentially allowing the attacker to execute arbitrary code and gain full control of the SCADA server.
**Recommendations**
For Advantech WebAccess version 8.4.5, consider restricting the ability to load .zip files until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.