OTPulse

Advantech WebAccess/SCADA

Act Now · CVSS 9.8 · ICS-CERT ICSA-19-092-01 · Apr 2, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech WebAccess/SCADA versions 8.3.5 and earlier contain multiple input validation and memory management vulnerabilities (CWE-77 command injection, CWE-121 stack-based buffer overflow, CWE-284 improper access control). These flaws allow unauthenticated remote attackers to execute arbitrary code on the SCADA server and cause denial of service. Successful exploitation could allow an attacker to modify process configurations, halt monitoring operations, or disrupt SCADA visibility and control of energy infrastructure.

What this means
What could happen
An attacker with network access to WebAccess/SCADA could execute arbitrary code on the server, allowing them to modify process configurations, halt monitoring operations, or disrupt SCADA visibility and control of energy infrastructure.
Who's at risk
Energy utilities and facilities that rely on Advantech WebAccess/SCADA for remote monitoring and control of power generation, transmission, or distribution systems. This includes utilities using versions 8.3.5 or earlier for historian data storage, operator interface, or real-time process monitoring.
How it could be exploited
An attacker on the network sends a malicious request to a vulnerable instance of WebAccess/SCADA version 8.3.5 or earlier. The server processes the input without proper validation, allowing command injection or buffer overflow. The attacker gains code execution on the SCADA server with the same privileges as the WebAccess service.
Prerequisites
  • Network access to the WebAccess/SCADA server (typically port 80 or 443)
  • No authentication required
  • Vulnerable version (8.3.5 or earlier) deployed and reachable from the attacker's network
remotely exploitable · no authentication required · low complexity · high CVSS severity (9.8) · affects critical infrastructure
Exploitability
Moderate exploit probability (EPSS 3.5%)
Affected products (1)
Product            Affected Versions    Fix Status
WebAccess/SCADA    ≤ 8.3.5              8.4.0
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to WebAccess/SCADA server using firewall rules; do not expose to the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade WebAccess/SCADA to version 8.4.0 or later
Long-term hardening
HARDENING: Isolate SCADA network from business network; require VPN with current security patches for any remote access
HARDENING: Monitor for suspicious activity and report findings to CISA if compromise is suspected