OTPulse

Advantech WebAccess

Act Now · CVSS 7.3 · ICS-CERT ICSA-17-306-02 · Nov 2, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech WebAccess versions prior to 8.2_20170817 contain stack buffer overflow (CWE-121) and array bounds checking (CWE-822) vulnerabilities. These flaws allow remote unauthenticated attackers to execute arbitrary code on systems running WebAccess. The vulnerabilities are remotely exploitable with low skill level and can be triggered without user interaction or special configuration.

What this means
What could happen
Multiple stack buffer overflow and array bounds checking vulnerabilities in WebAccess could allow unauthenticated remote attackers to execute arbitrary code on the web server, potentially compromising critical infrastructure monitoring and control data.
Who's at risk
Water utilities, electric utilities, and industrial facilities using Advantech WebAccess for SCADA/ICS monitoring and data collection. This includes any organization using WebAccess for remote operations monitoring, alarm management, or process visualization.
How it could be exploited
An attacker on the network can send specially crafted requests to the WebAccess server (port 80/443) without authentication. The malformed input triggers a buffer overflow or out-of-bounds array access in WebAccess, allowing the attacker to inject and execute arbitrary code on the system running WebAccess.
Prerequisites
  • Network reachability to WebAccess server on port 80 or 443
  • No authentication required
  • Vulnerable WebAccess version (< 8.2_20170817) deployed and accessible
remotely exploitable · no authentication required · low complexity · high EPSS score (19.2%) · affects monitoring and control visibility
Exploitability
High exploit probability (EPSS 19.2%)
Affected products (1)
Product: WebAccess
Affected Versions: < 8.2 20170817
Fix Status: 8.2_20170817
Remediation & Mitigation
Do now
HARDENING: Restrict network access to WebAccess server to authorized engineering workstations and administrative networks using firewall rules or network segmentation
HARDENING: Isolate WebAccess from direct internet exposure; if remote access is required, deploy behind a VPN or jump server
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WebAccess to version 8.2_20170817 or later
HARDENING: Monitor WebAccess logs for unusual requests or failed authentication attempts
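
To decide which hosts need the update, the affected-version rule above (anything earlier than 8.2_20170817) can be applied to an asset inventory. The following is an added example, not part of the advisory or of any vendor tooling; the hostnames, sample version strings and accepted separators are constructed assumptions.

```python
import re

# Fixed release named in the advisory: version 8.2, build date 2017-08-17.
FIXED = (8, 2, 20170817)

# Accepts "8.2_20170817", "8.2 20170817", "8.2-20170817", or a bare "8.2".
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:[\s_.\-]+(\d{8}))?\s*$")


def parse_version(text):
    """Return (major, minor, build_date or None), or None if unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    major, minor, build = m.groups()
    return int(major), int(minor), int(build) if build else None


def classify(text):
    """Return 'vulnerable', 'fixed', or 'unknown' for an inventory version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    major, minor, build = parsed
    if (major, minor) < FIXED[:2]:
        return "vulnerable"
    if (major, minor) > FIXED[:2]:
        return "fixed"
    # Same 8.2 line: the build date decides. Without one the fix cannot be confirmed.
    if build is None:
        return "unknown"
    return "fixed" if build >= FIXED[2] else "vulnerable"


def triage(inventory):
    """Map host -> status, for rows of (host, version_string)."""
    return {host: classify(version) for host, version in inventory}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE = [
    ("hmi-01", "8.2_20170817"), ("hmi-02", "8.2 20170330"),
    ("scada-web", "8.1_20160519"), ("hist-01", "8.2"),
    ("eng-ws", "8.3_20180101"), ("plant-b", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as "unknown" should be checked by hand, since a bare "8.2" without a build date cannot be confirmed as patched.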
Advantech WebAccess | CVSS 7.3 - OTPulse