You are here

Advantech WISE-PaaS/RMM (ICSA-19-304-01) – Products Used in the Water and Wastewater and Energy Sectors

Advantech WISE-PaaS/RMM (ICSA-19-304-01) – Products Used in the Water and Wastewater and Energy Sectors

Created: Friday, November 1, 2019 - 16:24
Categories:
Cyber Security

CISA has published an advisory on path traversal, missing authorization, improper restriction of XML external entity reference, and SQL injection vulnerabilities in Advantech WISE-PaaS/RMM. Versions 3.3.29 and prior are affected. Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability. Advantech phased out WISE-PaaS/RMM in July of 2019 and replaced this product with EdgeSense and DeviceOn. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.