Intrusion Prevention

Advantech.WebAccess.webvrpcs.Service.DrawSrv.Code.Execution

Description

This indicates an attack attempt against a Code Execution vulnerability in the Advantech WebAccess.
This issue is caused by an error in the DrawSrv subsystem when handling malicious client requests. An attacker can exploit this to execute arbitrary code on vulnerable systems by sending a specially crafted client request.

Affected Products

Advantech WebAccess 8.2_20170330
Advantech WebAccess 8.2
Advantech WebAccess 8.1_20160519
Advantech WebAccess 8.1
Advantech WebAccess 8.0_20150816
Advantech WebAccess 8
Advantech WebAccess 7.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site.
http://www.advantech.com/industrial-automation/webaccess

CVE References

CVE-2017-12719