Advantech WebAccess (Update A)
Act Now | 8.2 | ICS-CERT ICSA-18-004-02A | Jan 4, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess versions prior to 8.3 contain multiple vulnerabilities stemming from insufficient input validation and improper path handling (CWE-822, CWE-121, CWE-22, CWE-89, CWE-20, CWE-434, CWE-416). These weaknesses allow remote attackers to upload arbitrary files, inject code, traverse directories, and execute commands without authentication. The vulnerability chain enables both confidentiality bypass and high-impact availability attacks.
What this means
What could happen
An attacker could remotely execute commands or alter data on WebAccess, potentially disrupting SCADA dashboards, data logging, or remote monitoring capabilities that operators rely on to view and control industrial processes.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Advantech WebAccess for SCADA monitoring and HMI (human-machine interface) dashboards should prioritize this update. WebAccess is typically used to provide remote visibility into operational status and historical data logging across multiple sites.
How it could be exploited
An attacker with network access to the WebAccess port could send a specially crafted request containing malicious input or file uploads. The vulnerability allows bypass of input validation and path traversal, enabling code injection or arbitrary command execution on the server without requiring authentication.
Prerequisites
- Network access to WebAccess web interface port
- No authentication required
- WebAccess version 8.2 or earlier
remotely exploitable | no authentication required | low complexity | high EPSS score (21.9%)
Exploitability
High exploit probability (EPSS 21.9%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess | < 8.3 | 8.3
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to WebAccess ports using firewall rules; limit access to authorized engineering and operator workstations only
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
HOTFIX: Update WebAccess to version 8.3 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate WebAccess from untrusted networks and the internet
CVEs (7)