Advantech WebAccess/SCADA

Plan Patch7.3ICS-CERT ICSA-18-352-02Dec 18, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

A stack buffer overflow vulnerability in Advantech WebAccess/SCADA versions up to 8.3.2 on Windows 2008 Rs SP1 allows an unauthenticated attacker with network access to overflow the stack, potentially causing denial of service or remote code execution on the SCADA server. The vulnerability is triggered by sending specially crafted input to the web interface.

What this means

What could happen

A stack buffer overflow in WebAccess/SCADA could allow an attacker to crash the SCADA server or execute arbitrary code, disrupting remote monitoring and control of critical energy infrastructure.

Who's at risk

Energy utilities and critical infrastructure operators running Advantech WebAccess/SCADA for remote monitoring and control of power systems, substations, and generation facilities.

How it could be exploited

An attacker with network access to the WebAccess/SCADA server can send a specially crafted input that overflows the stack buffer, causing either a denial of service (crash) or code execution that allows takeover of the SCADA application and its data.

Prerequisites

Network access to WebAccess/SCADA server (port 80/443 default web interface or port 502 Modbus/TCP if enabled)
No authentication required to trigger the vulnerability

remotely exploitableno authentication requiredlow complexityhigh CVSS (7.3)affects SCADA control system

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

WebAccess/SCADA:8.3.2 on Windows 2008 Rs SP18.3.4

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to WebAccess/SCADA server by placing it behind a firewall and isolating it from the business network

HARDENINGDisable public Internet access to WebAccess/SCADA; require VPN or authenticated remote access methods if remote administration is needed

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade WebAccess/SCADA to version 8.3.4 or later

HARDENINGPerform impact analysis before deploying patches to confirm maintenance window availability

CVEs (1)

CVE-2018-18999

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/fa853e08-219a-4709-b127-1b835b8669bc