OTPulse

Advantech WebAccess

Plan Patch · CVSS 7.8 · ICS-CERT ICSA-17-241-02 · Aug 29, 2017
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Advantech WebAccess versions prior to V8.2_20170817 contain multiple vulnerabilities including buffer overflows (CWE-119, CWE-121, CWE-122), SQL injection (CWE-89), improper permission enforcement (CWE-732), and authentication bypass (CWE-287). These vulnerabilities allow local attackers with user-level privileges to execute arbitrary code, alter system configurations, or access unauthorized information on systems running WebAccess.

What this means
What could happen
An attacker with local access to a WebAccess engineering workstation could exploit multiple vulnerabilities to execute arbitrary code, alter process configurations, or gain unauthorized access to ICS/SCADA systems under management. This could disrupt monitoring and control of critical plant operations.
Who's at risk
Water utilities and electric utilities that use Advantech WebAccess for SCADA/HMI engineering and plant monitoring should assess their deployment. WebAccess versions prior to V8.2_20170817 are at risk. Affected systems may include RTU programming workstations, HMI development stations, and remote monitoring consoles.
How it could be exploited
An attacker with local system access could exploit buffer overflow (CWE-119, CWE-121, CWE-122), SQL injection (CWE-89), or improper permission enforcement (CWE-732) vulnerabilities in WebAccess to run commands with the privileges of the engineering workstation. This could allow manipulation of process logic, setpoints, or monitoring dashboards for connected industrial systems.
Prerequisites
  • Local access to the WebAccess engineering workstation
  • Non-administrative user account privileges on the workstation (some vulnerabilities require local login)
  • WebAccess version prior to V8.2_20170817
Local access required · Low complexity exploitation · Buffer overflow vulnerabilities · SQL injection possible · Improper permission enforcement · Multiple CWE classifications · Affects ICS engineering platforms
Exploitability
Moderate exploit probability (EPSS 6.9%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess | < 8.2 20170817 | V8.2_20170817
Remediation & Mitigation
Do now
HARDENING: Limit user privileges on engineering workstations to non-administrative accounts where possible
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WebAccess to Version V8.2_20170817 or later
Long-term hardening
HARDENING: Restrict local access to WebAccess engineering workstations through physical security controls, access lists, or network segmentation
Advantech WebAccess | CVSS 7.8 - OTPulse