Advantech WebAccess/SCADA
Act Now | 9.8 | ICS-CERT ICSA-19-024-01 | Jan 24, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/SCADA versions before 8.3.5 contain multiple authentication and SQL injection vulnerabilities (CWE-287, CWE-288, CWE-89) that allow an attacker with network access to bypass authentication controls and execute arbitrary SQL queries against the application database. Successful exploitation allows access to and manipulation of sensitive data stored in the SCADA system.
What this means
What could happen
An attacker could bypass authentication on a WebAccess/SCADA server and modify critical process data, setpoints, alarms, or user accounts without legitimate access credentials, potentially causing uncontrolled process changes or disabling visibility into plant operations.
Who's at risk
Energy sector operators using Advantech WebAccess/SCADA for plant supervision and data management. This includes utilities managing SCADA servers that store and control critical process parameters such as setpoints, alarms, and operator permissions. Versions 8.3 and earlier are affected.
How it could be exploited
An attacker sends specially crafted network requests to the WebAccess/SCADA web interface. Because authentication controls are weak or bypassable (CWE-287/288) and SQL injection flaws exist (CWE-89), the attacker can inject SQL commands to read or modify the application database without providing valid credentials. This grants access to process configuration, historical data, and operator accounts.
Prerequisites
- Network connectivity to the WebAccess/SCADA web server port (typically 80/443)
- No valid user credentials required
remotely exploitable | no authentication required | low complexity | high CVSS score (9.8) | affects SCADA/control system data integrity
Exploitability
Moderate exploit probability (EPSS 3.1%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/SCADA | 8.3 | 8.3.5
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to WebAccess/SCADA web interface to authorized engineering workstations only using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade WebAccess/SCADA to version 8.3.5 or later
Long-term hardening
- HARDENING: Place WebAccess/SCADA servers behind a firewall and isolate SCADA network from business network
- HARDENING: If remote access is needed, route connections through a VPN and verify VPN software is patched to the latest version
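One way to confirm the firewall workaround above is actually in effect, as an added example (not part of the advisory or of Advantech's software): audit firewall connection records for web-port traffic that reached the WebAccess/SCADA server from sources outside the authorized engineering workstations. The record format, addresses and allow-list are constructed assumptions.

```python
import ipaddress

# Assumption: address ranges of the authorized engineering workstations.
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.31.5/32")]
WEB_PORTS = {80, 443}  # web interface ports named in the advisory's prerequisites

# Constructed sample records in the form: timestamp src_ip dst_port action
SAMPLE_LOG = """\
2019-01-25T08:01:12Z 10.20.30.4 443 ALLOW
2019-01-25T08:03:40Z 10.20.31.5 80 ALLOW
2019-01-25T08:07:02Z 192.168.50.17 443 ALLOW
2019-01-25T08:07:05Z 192.168.50.17 443 ALLOW
2019-01-25T08:09:55Z 172.16.4.9 80 DENY
2019-01-25T08:11:00Z 10.20.30.4 3389 ALLOW
garbage line
2019-01-25T08:12:31Z 10.20.30.200 80 ALLOW
"""

def is_authorized(addr):
    """True if the address falls inside any authorized workstation range."""
    return any(addr in net for net in AUTHORIZED)

def audit(log_text):
    """Return (violations, blocked, skipped).

    violations: unauthorized sources whose web-port connections were ALLOWed
    blocked:    unauthorized sources the firewall denied (workaround working)
    skipped:    count of lines that could not be parsed
    """
    violations, blocked, skipped = {}, {}, 0
    for line in log_text.splitlines():
        try:
            _, src, port, action = line.split()
            addr, port = ipaddress.ip_address(src), int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if port not in WEB_PORTS or is_authorized(addr):
            continue
        bucket = violations if action.upper() == "ALLOW" else blocked
        bucket[src] = bucket.get(src, 0) + 1
    return violations, blocked, skipped

if __name__ == "__main__":
    violations, blocked, skipped = audit(SAMPLE_LOG)
    for src, hits in sorted(violations.items()):
        print(f"RULE GAP: {src} reached the web interface {hits} time(s)")
    print(f"denied sources: {sorted(blocked)}; unparsed lines: {skipped}")
```

Any source listed as a rule gap means the allow-list rule is missing or shadowed by a broader permit rule and should be corrected before relying on the workaround.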