Advantech has published a new version of its WebAccess product to address vulnerabilities that put installations at risk to remote code execution attacks.
Exploiting the vulnerabilities would be a challenge, however, according to an advisory published Tuesday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
ICS-CERT said the flaws patched in versions prior to 8.1_20160519 would require an attacker to entice the victim to accept a crafted DLL and load it, decreasing the chances the bugs could be exploited.
“These vulnerabilities are not exploitable remotely and cannot be exploited without user interaction,” ICS-CERT said in its advisory. “The exploit is only triggered when a local user runs the vulnerable application, which in certain scenarios can cause it to load a DLL file from an untrusted source.”