OTPulse

Advantech WebAccess Vulnerabilities

Low Risk | ICS-CERT ICSA-14-261-01 | Jun 21, 2014
Summary

Advantech WebAccess 7.2 contains a buffer overflow vulnerability (CWE-119) that allows remote code execution on systems running the application. The vulnerability is remotely exploitable and affects organizations using WebAccess for SCADA and industrial process monitoring. No vendor patch is available for this version.

What this means
What could happen
An attacker with network access to WebAccess could execute arbitrary code with the privileges of the WebAccess application, potentially allowing them to modify process data, alter alarm thresholds, or disrupt monitoring and control of critical infrastructure systems.
Who's at risk
Water utilities and electric utilities using Advantech WebAccess 7.2 for SCADA monitoring and control systems. This specifically affects organizations relying on WebAccess for remote plant operations, alarm management, and data visualization.
How it could be exploited
An attacker would exploit a buffer overflow vulnerability (CWE-119) in WebAccess 7.2 by sending a specially crafted network request to the application. If successful, this allows arbitrary code execution on the machine running WebAccess.
Prerequisites
  • Network access to the WebAccess application port
  • WebAccess 7.2 running and accessible
remotely exploitable | buffer overflow vulnerability | no patch available | affects critical infrastructure monitoring
Exploitability
Moderate exploit probability (EPSS 1.7%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess: 7.2 | 7.2 | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation and firewall rules to restrict access to WebAccess to only authorized engineering and monitoring stations
WORKAROUND: Disable or limit remote access to WebAccess if not operationally necessary
Mitigations - no patch available
WebAccess: 7.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor WebAccess logs for suspicious activity or unexpected code execution attempts
HARDENING: Evaluate upgrading to a newer version of Advantech software that addresses this vulnerability