A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, allows attackers to remotely executed commands with administrator privileges on vulnerable systems.
The flaw (CVE-2017-16720) was supposed to be and was purportedly patched, but Tenable researchers claim otherwise. And what’s even worse, an exploit for it that works out-of-the-box has been available online for nearly six months.
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access![[correlate]](/data/avatars/s/79/79653.jpg?1556985072)
Critical PHP RCE vulnerability mass exploited in new attacks