OTPulse

Advantech WebAccess

Act Now · CVSS 9.8 · ICS-CERT ICSA-18-296-01 · Oct 23, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech WebAccess versions 8.3.1 and earlier contain multiple vulnerabilities (CWE-121 buffer overflow, CWE-22 path traversal, CWE-269 improper access control, CWE-73 external control of file name or path) that allow unauthenticated remote attackers to execute arbitrary code with elevated privileges, access sensitive files, or delete files on the WebAccess system.

What this means
What could happen
An attacker could execute arbitrary code with elevated privileges on the WebAccess server, allowing them to modify process configurations, access sensitive data, or disrupt monitoring and control operations.
Who's at risk
Water and power utilities using Advantech WebAccess for SCADA/HMI monitoring and control (versions 8.3.1 and earlier). Any organization where WebAccess is internet-facing or accessible from untrusted networks is at highest risk.
How it could be exploited
An unauthenticated attacker with network access to the WebAccess application (typically port 80/443) can send a specially crafted request exploiting input validation flaws (CWE-121, CWE-22) to achieve remote code execution with the privileges of the WebAccess service account.
Prerequisites
  • Network access to WebAccess HTTP/HTTPS port
  • WebAccess version 8.3.1 or earlier
  • No authentication required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High CVSS score (9.8)
  • Affects supervisory control systems
Exploitability
Moderate exploit probability (EPSS 8.4%)
Affected products (1)
Product      Affected Versions   Fix Status
WebAccess    ≤ 8.3.1             8.3.3
Remediation & Mitigation
Do now
HARDENING: Restrict network access to WebAccess to only authorized engineering workstations and control systems using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade WebAccess to version 8.3.3 or later
Long-term hardening
HARDENING: Place WebAccess behind a firewall and isolate the control network from the business network
HARDENING: If remote access to WebAccess is required, use a VPN with current security patches and multi-factor authentication
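The two firewall mitigations above (restrict access to authorized engineering workstations and control systems; isolate the control network) can be expressed as a concrete ruleset. The following is an added example written for this page, not OTPulse's or Advantech's own configuration: an nftables ruleset for a Linux gateway in front of the WebAccess server that allows TCP 80/443 only from two named subnets and logs and drops every other attempt, so blocked connections show up in the firewall log. The server address and the two subnets are constructed placeholders (assumptions); substitute your own.

```shell
#!/bin/sh
# Added example for the "restrict network access" mitigation; not part of the
# OTPulse advisory or any Advantech documentation.
# Assumed (constructed) addresses: WebAccess server 10.10.20.5, engineering
# workstation subnet 10.10.30.0/24, control-system subnet 10.10.40.0/24.

WEBACCESS_IP="${WEBACCESS_IP:-10.10.20.5}"
ENG_SUBNET="${ENG_SUBNET:-10.10.30.0/24}"
CTRL_SUBNET="${CTRL_SUBNET:-10.10.40.0/24}"

# Emit the ruleset on stdout. Only the listed subnets may reach TCP 80/443 on
# the WebAccess host; every other attempt to those ports is logged, then dropped.
# Use "hook input" instead of "hook forward" if the rules run on the WebAccess
# host itself rather than on a gateway in front of it.
webaccess_ruleset() {
    cat <<EOF
table inet webaccess_filter {
    set allowed_clients {
        type ipv4_addr
        flags interval
        elements = { ${ENG_SUBNET}, ${CTRL_SUBNET} }
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        ct state established,related accept
        ip daddr ${WEBACCESS_IP} tcp dport { 80, 443 } ip saddr @allowed_clients accept
        ip daddr ${WEBACCESS_IP} tcp dport { 80, 443 } log prefix "webaccess-denied: " drop
    }
}
EOF
}

# Syntax-check the generated ruleset with nft when it is installed ("-c" checks
# without loading). Returns 0 on a passing check, or when nft is absent so the
# script can still be reviewed on a machine without nftables.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        webaccess_ruleset | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# To load the rules for real (root required): webaccess_ruleset | nft -f -
```

The final `log ... drop` rule is what makes the control worth having operationally: each denied connection to the WebAccess ports lands in the kernel log with the `webaccess-denied:` prefix, which gives the SOC a direct signal that something outside the authorized subnets is probing the HMI.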
API: /api/v1/advisories/5ab93f64-3504-4047-bc04-2dbb3b39b2db