Advantech WebAccess Vulnerabilities
Advantech WebAccess versions prior to 7.0 contain multiple critical vulnerabilities, including cross-site scripting (CWE-79), SQL injection (CWE-89), cross-site request forgery (CWE-352), information disclosure (CWE-200), buffer overflows (CWE-119), broken authentication (CWE-287), and insecure access control (CWE-284). These vulnerabilities could allow remote attackers to execute arbitrary code, bypass authentication, access sensitive data, or disrupt application availability without requiring valid credentials or high technical complexity.
- Network access to the WebAccess web interface (typically port 80/443)
- For some exploits, ability to craft malicious input in web forms or URL parameters
- For some exploits, knowledge of database structure
Patching may require device reboot — plan for process interruption