OTPulse

Advantech WebAccess

Act Now | CVSS 9.8 | ICS-CERT ICSA-17-012-01 | Jan 12, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech WebAccess versions prior to 8.2 contain SQL injection (CWE-89) and input validation (CWE-592) vulnerabilities. These allow remote attackers without credentials to inject malicious SQL commands and manipulate application logic via specially crafted HTTP requests. The vulnerabilities affect the core database query handling and application input processing in WebAccess.

What this means
What could happen
An attacker can inject SQL commands or manipulate application behavior through unvalidated input, potentially gaining unauthorized access to the WebAccess database or executing arbitrary code that controls your monitored equipment and processes.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Advantech WebAccess for remote monitoring and management of SCADA systems and industrial control devices should prioritize patching. Any facility that uses WebAccess as a central portal for equipment oversight is at risk.
How it could be exploited
An attacker sends a crafted HTTP request to WebAccess (port 80/443 typical) containing SQL injection or malformed data. The application fails to validate the input before using it in database queries or application logic, allowing the attacker to read, modify, or delete data, or execute commands on the server.
Prerequisites
  • Network access to WebAccess web interface (typically port 80 or 443)
  • No authentication required
  • remotely exploitable
  • no authentication required
  • low complexity
  • high CVSS score (9.8)
  • affects monitoring and control systems
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess | 8.1 | 8.2
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to WebAccess interfaces using a firewall; limit access to authorized engineering workstations and operator consoles only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Advantech WebAccess from version 8.1 to version 8.2 or later
Long-term hardening
HARDENING: Segment WebAccess servers onto a separate network from production control systems and external networks