If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server.
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.