A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
Advantech WebAccess/SCADA 9.0.1
Advantech WebAccess/SCADA is an HTML5-based software package used to perform data visualization and supervisory controls over IoT/OT devices. It collects, parses and distributes data using MQTT.
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.
The following request is a Proof-of-Concept for retrieving “win.ini” file form remote system.
