Advantech WebAccess prior to 8.1 allows remote malicious users to execute arbitrary code via vectors involving a browser plugin.
advantech webaccess