Advantech WebAccess Vulnerabilities
Act Now · ICS-CERT ICSA-14-198-02 · Apr 19, 2014
Summary
Advantech WebAccess contains multiple vulnerabilities across buffer overflow (CWE-121), information exposure (CWE-623), insufficient input validation (CWE-592), sensitive data exposure (CWE-316), and improper access control (CWE-284). All versions are affected.
What this means
What could happen
An attacker could gain unauthorized access to WebAccess, extract sensitive operational data, or execute arbitrary code to manipulate process parameters and controls in supervisory systems.
Who's at risk
Water utilities and electric utilities using Advantech WebAccess for SCADA/HMI supervisory functions. This includes operators managing remote pump stations, treatment plants, substations, or any facility relying on WebAccess for real-time monitoring and control of critical infrastructure.
How it could be exploited
An attacker with network access to the WebAccess interface could exploit the buffer overflow or access control weaknesses to bypass authentication, read sensitive configuration or historian data, or inject malicious commands into the supervisory control logic.
Prerequisites
- Network access to WebAccess HTTP/HTTPS port (typically 80 or 443)
- WebAccess instance must be reachable from attacker's network position
Tags: remotely exploitable · no patch available · high EPSS score (40.2%) · affects supervisory systems · multiple vulnerability types
Exploitability
High exploit probability (EPSS 40.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Advantech WebAccess (vers:all/*) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict WebAccess access to authorized engineering workstations and administrative networks only; block external/untrusted access to WebAccess HTTP/HTTPS ports
HARDENING: Require strong authentication credentials for all WebAccess user accounts; disable default accounts if present
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Monitor WebAccess logs for suspicious authentication attempts, buffer overflow payloads, or unusual data access patterns
Mitigations - no patch available
Advantech WebAccess (vers:all/*) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Deploy WebAccess instances on isolated OT network segments separated from corporate and external networks using air-gapping or demilitarized zones (DMZ)
HARDENING: Evaluate replacement or retirement of affected WebAccess instances if patch availability is critical to your operations; contact Advantech for end-of-life product options
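The two compensating controls above that a defender can automate are the source allowlist (only engineering workstations and administrative networks should reach the WebAccess web interface) and log monitoring for suspicious authentication attempts. The script below is an added example, not Advantech code and not part of the advisory: it reads access-log lines, flags requests from addresses outside an allowlisted set of networks, and flags a source that accumulates repeated login failures within a short window. The log format, the allowlisted networks, the login path and the thresholds are all assumptions; WebAccess's real log layout is not given on this page, so the sample lines are constructed and the regular expression must be adapted to the actual log format before use.

```python
"""Flag suspicious access to a WebAccess HTTP interface from access-log lines.

Added example (not Advantech's code). The log format is a constructed
Common-Log-Format-style sample; real WebAccess logs may differ, so adjust
LOG_RE, LOGIN_PATHS and ALLOWED_NETWORKS for your deployment.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical engineering-workstation and admin networks permitted to reach WebAccess.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.10.5.0/24"),
    ipaddress.ip_network("10.10.9.0/24"),
]

# Hypothetical login endpoint paths (placeholders, not taken from the advisory).
LOGIN_PATHS = {"/login"}

# Alert once a single source reaches this many failed logins inside the window.
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=5)

# Common-Log-Format-style line: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)


def parse_line(line):
    """Return a dict for a well-formed line, or None if it does not match LOG_RE."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": ipaddress.ip_address(m["ip"]),
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def is_allowed_source(ip):
    """True if the client address falls inside one of the allowlisted networks."""
    return any(ip in net for net in ALLOWED_NETWORKS)


def analyze(lines):
    """Return a list of alert tuples for the given log lines.

    Alert kinds:
      ("unparsed", line)                      line did not match LOG_RE
      ("unauthorized_source", ip, path)       request from outside ALLOWED_NETWORKS
      ("repeated_auth_failure", ip, count)    failed logins reached the threshold
    """
    alerts = []
    failures = defaultdict(list)  # ip -> timestamps of recent failed logins
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            alerts.append(("unparsed", line))
            continue
        if not is_allowed_source(rec["ip"]):
            alerts.append(("unauthorized_source", str(rec["ip"]), rec["path"]))
        if rec["path"] in LOGIN_PATHS and rec["status"] in (401, 403):
            recent = [t for t in failures[rec["ip"]] if rec["ts"] - t <= FAILED_LOGIN_WINDOW]
            recent.append(rec["ts"])
            failures[rec["ip"]] = recent
            if len(recent) == FAILED_LOGIN_THRESHOLD:
                alerts.append(("repeated_auth_failure", str(rec["ip"]), len(recent)))
    return alerts


# Constructed sample log: one allowlisted client, one external client, and one
# allowlisted host that fails to log in five times within forty seconds.
SAMPLE_LOG = [
    '10.10.5.21 - - [19/Apr/2014:08:00:01 +0000] "GET /hmi/overview HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/Apr/2014:08:00:05 +0000] "GET /hmi/overview HTTP/1.1" 200 5120',
    '10.10.5.21 - - [19/Apr/2014:08:01:00 +0000] "POST /login HTTP/1.1" 401 312',
    'this line is not in the expected format',
] + [
    f'10.10.9.40 - - [19/Apr/2014:08:10:{sec:02d} +0000] "POST /login HTTP/1.1" 401 312'
    for sec in (0, 10, 20, 30, 40)
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The allowlist check complements, rather than replaces, the firewall rule: a request that reaches the web server from a non-allowlisted address means the network control failed or was bypassed, which is worth an alert in its own right. Feed the script the real log through `analyze()` after adjusting `LOG_RE` to match the WebAccess log format in use.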
API: /api/v1/advisories/a1fb51b6-22f9-4d60-b408-14d3ead96771