Advantech WebAccess/SCADA
Act Now · 9.8 · ICS-CERT ICSA-19-178-05 · Jun 27, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/SCADA versions 8.3.5 and earlier contain multiple memory safety and path traversal vulnerabilities (CWE-22, CWE-121, CWE-122, CWE-125, CWE-787, CWE-822) that could allow information disclosure, deletion of files, and remote code execution. The vulnerabilities are remotely exploitable with no authentication required and low attack complexity.
What this means
What could happen
An attacker could remotely execute commands on your WebAccess/SCADA server without a password, allowing them to read sensitive process data, delete files, or modify how your SCADA system operates. This could disrupt power distribution, water treatment, or other critical infrastructure operations.
Who's at risk
Energy sector operators who rely on Advantech WebAccess/SCADA for SCADA monitoring and control of power generation, transmission, or distribution systems. This includes electric utilities managing grid operations and operators of water treatment facilities using SCADA for process automation. Any organization running WebAccess/SCADA 8.3.5 or earlier is at risk if the system is reachable from any untrusted network.
How it could be exploited
An attacker on the network (or Internet if your SCADA system is exposed) sends a crafted request to the WebAccess/SCADA application. The vulnerabilities allow the attacker to write to memory, traverse the file system, or execute arbitrary code on the server without any credentials. No user interaction is required.
Prerequisites
- Network access to the WebAccess/SCADA web interface (typically port 80/443)
- WebAccess/SCADA version 8.3.5 or earlier running
remotely exploitable · no authentication required · low complexity · high EPSS score (24.6%) · affects critical infrastructure control systems
Exploitability
High exploit probability (EPSS 24.6%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/SCADA | ≤ 8.3.5 | 8.4.1
Remediation & Mitigation
Do now
- HOTFIX: Upgrade WebAccess/SCADA to version 8.4.1 or later from Advantech support portal
- HARDENING: Block network access to WebAccess/SCADA from the Internet and business networks; place SCADA system behind a firewall and on an isolated network segment
- HARDENING: Require VPN with multi-factor authentication for any remote access to WebAccess/SCADA; keep VPN software up to date
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement network monitoring to detect suspicious connections or requests to WebAccess/SCADA ports
API:
/api/v1/advisories/76cdab58-79cf-40a8-aa85-6877844b4fad