OTPulse

Advantech WebAccess

Plan Patch | CVSS 8.4 | ICS-CERT ICSA-18-298-02 | Oct 25, 2018
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

WebAccess versions 8.3.2 and prior contain improper access control and memory management vulnerabilities (CWE-284, CWE-121) that allow arbitrary code execution. Successful exploitation could allow an attacker with local access to execute code with high privileges, potentially compromising SCADA data, alarms, and connected control devices. No known public exploits are currently active.

What this means
What could happen
An attacker with local access to a system running WebAccess could execute arbitrary code with high privileges, potentially allowing them to modify setpoints, disable alarms, or disrupt SCADA monitoring and data collection across connected industrial devices.
Who's at risk
Organizations using Advantech WebAccess for SCADA monitoring, data logging, or industrial process visualization should care about this vulnerability. This includes water utilities, power generation facilities, manufacturing plants, and any facility relying on WebAccess as an HMI (Human-Machine Interface) or data collection platform for supervisory control.
How it could be exploited
An attacker with local access to a WebAccess host (via USB, shared drive, or compromised local account) could exploit improper access controls or memory issues to run arbitrary commands. This could occur during system administration or if an operator's workstation is compromised and used to access WebAccess locally.
Prerequisites
  • Local access to the WebAccess host system
  • WebAccess version 8.3.2 or earlier installed
  • Ability to execute code or interact with the local file system on the WebAccess system
Tags: local access required; high privileges after exploitation; improper access controls; memory safety issues; affects SCADA monitoring capability
Exploitability
Moderate exploit probability (EPSS 2.7%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess Versions: 8.3.2 and prior | ≤ 8.3.2 | 8.3.3
Remediation & Mitigation
Do now
HARDENING: Restrict local and remote access to WebAccess systems to authorized personnel only; implement strong access controls on administrator and operator accounts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Advantech WebAccess to version 8.3.3 or later
Long-term hardening
HARDENING: Isolate WebAccess systems and the control system network behind firewalls and separate from business network
HARDENING: If remote access to WebAccess is required, use VPN or other secure tunneling methods and ensure those methods are kept up to date
Advantech WebAccess | CVSS 8.4 - OTPulse