Advantech industrial communication devices vulnerable to remote code execution

Industrial computer manufacturer Advantech has fixed a critical vulnerability in a series of devices that handle data communication for industrial equipment with serial connections and TCP/IP networks.

The vulnerability was discovered by researchers from Core Security in the firmware of Advantech EKI-1200 series and ADAM-4572 devices, which are known as Modbus gateways.

The flaw is a buffer overflow in a CGI script and can be exploited remotely by attackers to execute arbitrary code on the device, the Core researchers said in an advisory published Monday.

To read this article in full or to leave a comment, please click here

Read more: Advantech industrial communication devices vulnerable to remote code execution

Story added 10. February 2015, content source with full text you can find at link above.