CISA has published an advisory on path traversal, missing authorization, improper restriction of XML external entity reference, and SQL injection vulnerabilities in Advantech WISE-PaaS/RMM. Versions 3.3.29 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability. Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.