CVE-2023-2866

Name of the Vulnerable Software and Affected Versions Advantech WebAccess version 8.4.5

Description The issue is related to insufficient authentication data validation in the software. An attacker could exploit this by tricking an authenticated user into loading a maliciously crafted .zip file, potentially allowing the attacker to execute arbitrary code and gain full control of the SCADA server.

Recommendations For Advantech WebAccess version 8.4.5, consider restricting access to loading .zip files until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.