OTPulse

Advantech WebAccess

Act Now
CVSS 9.8
ICS-CERT ICSA-18-135-01
May 15, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech WebAccess contains multiple vulnerabilities including SQL injection (CWE-89), insecure file operations (CWE-548, CWE-22), insufficient access controls (CWE-285), and buffer overflow issues (CWE-121, CWE-122). Successful exploitation could allow an attacker to disclose sensitive information from the host and target systems, execute arbitrary code, or delete files. Affected versions: WebAccess <= 8.3.0, WebAccess <= 8.2_20170817, WebAccess/NMS <= 2.0.3, WebAccess Dashboard <= 2.0.15, and WebAccess Scada Node < 8.3.1.

What this means
What could happen
An attacker could execute arbitrary code on your WebAccess server, compromise historian data and operator credentials, or disrupt SCADA visibility and control by deleting files or altering configurations. This could lead to loss of situational awareness, unauthorized process changes, or operational shutdown.
Who's at risk
Energy sector operators using Advantech WebAccess for SCADA monitoring, data historians, or remote access gateways. This includes utilities managing power distribution, generation facilities, and operators relying on WebAccess/NMS for multi-site monitoring or WebAccess Dashboard for remote operations.
How it could be exploited
An attacker with network access to the WebAccess server (default or custom port) can inject SQL commands into unvalidated input fields to extract credentials and configuration data, upload malicious files to the server to achieve code execution, or exploit buffer overflows to execute arbitrary commands. No authentication is required.
Prerequisites
  • Network access to WebAccess server port (default port varies by deployment)
  • No credentials required
  • No specific configuration required for exploitation
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • Critical CVSS 9.8
  • Multiple vulnerability classes
  • Affects SCADA/historian database systems
  • High-impact vulnerability
Exploitability
Moderate exploit probability (EPSS 3.4%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
WebAccess | ≤ 8.3.0 | 8.3.1
WebAccess | ≤ 8.2 20170817 | 8.3.1
WebAccess/NMS | ≤ 2.0.3 | 8.3.1
WebAccess Dashboard | ≤ 2.0.15 | 8.3.1
WebAccess Scada Node | < 8.3.1 | 8.3.1
Remediation & Mitigation
Do now
  • HOTFIX: Update WebAccess to Version 8.3.1 or later from Advantech support portal
  • HOTFIX: Update WebAccess Scada Node to Version 8.3.1 or later
  • HOTFIX: If running WebAccess/NMS 2.0.3 or WebAccess Dashboard 2.0.15, contact Advantech support for patch availability or migration planning
  • HARDENING: Place WebAccess servers behind firewalls and restrict network access to authorized engineering workstations and control networks only
  • HARDENING: Isolate WebAccess servers from the business network and Internet using network segmentation or air-gapping
  • HARDENING: If remote access is required, implement VPN with strong authentication (multi-factor) and keep VPN software updated to current version
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor WebAccess server logs and network traffic for suspicious SQL patterns, file operations, or unauthorized access attempts