OTPulse

Advantech SUSIAccess Server Vulnerabilities

Act Now · CVSS 8.4 · ICS-CERT ICSA-16-336-04 · Sep 4, 2016
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech SUSIAccess Server versions 3.0 and earlier contain multiple local privilege escalation and information disclosure vulnerabilities. An attacker with local access can exploit path traversal (CWE-22) to read sensitive system files, extract hard-coded credentials (CWE-798), and access confidential information (CWE-200). These vulnerabilities could allow unauthorized access to industrial control systems and compromise connected devices that depend on the server for authentication or management functions.

What this means
What could happen
An attacker with local access to the SUSIAccess Server could read sensitive files, access hard-coded credentials, or modify system files, potentially compromising other connected systems and industrial equipment on the network.
Who's at risk
Water utilities and electric utilities using Advantech SUSIAccess Server for remote access or authentication to engineering workstations, SCADA servers, or other OT infrastructure. Also affects any industrial facility using this server to manage credentials or access to control systems and field devices.
How it could be exploited
An attacker with local access to the server can exploit path traversal (CWE-22) to read arbitrary files, exploit information disclosure (CWE-200) to extract hard-coded credentials (CWE-798), and use those credentials or file modifications to gain unauthorized access to downstream OT systems and devices that rely on the SUSIAccess Server for authentication or integration.
Prerequisites
  • Physical or local network access to SUSIAccess Server
  • No authentication required for exploitation
  • Access to the server file system or web interface
No authentication required · Low complexity exploitation · No patch available · High EPSS score (23.7%) · Hard-coded credentials present
Exploitability
High exploit probability (EPSS 23.7%)
Affected products (1)
Product | Affected Versions | Fix Status
SUSIAccess Server | ≤ 3.0 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Isolate SUSIAccess Server from untrusted networks using network segmentation and firewall rules; restrict access to authorized personnel and systems only
  • HARDENING: Implement local access controls and disable unused services on SUSIAccess Server to reduce attack surface
  • HARDENING: Monitor SUSIAccess Server logs for suspicious file access, failed authentication attempts, and credential exposure indicators
  • WORKAROUND: Rotate or reset credentials for accounts managed by or integrated with SUSIAccess Server, especially any hard-coded credentials
Long-term hardening
  • HARDENING: Evaluate migration to a patched or newer access control solution, as Advantech has not announced a fix for version 3.0 and earlier