OTPulse

Advantech WebAccess Node

Act Now · CVSS 9.8 · ICS-CERT ICSA-20-161-01 · Jun 9, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Advantech WebAccess Node versions 8.4.4 and earlier contain a buffer overflow vulnerability (CWE-121) that could allow remote code execution or denial of service. The vulnerability is exposed to unauthenticated network access. Advantech has released patch P0520844 for version 8.4.4 to address this issue.

What this means
What could happen
A buffer overflow in WebAccess Node could allow an attacker to crash the application or execute arbitrary code on the device, disrupting SCADA dashboards and potentially affecting remote monitoring and control of industrial processes.
Who's at risk
Water authorities, electric utilities, and other infrastructure operators using Advantech WebAccess Node as their SCADA HMI (human-machine interface) for remote process monitoring and control. Any organization running WebAccess Node version 8.4.4 or earlier is affected.
How it could be exploited
An attacker with network access to the WebAccess Node (typically port 80 or 443) sends a specially crafted input that triggers a buffer overflow. This could crash the application or, if successfully exploited, allow the attacker to run code with the privileges of the WebAccess Node process.
Prerequisites
  • Network reachability to WebAccess Node on HTTP/HTTPS ports
  • No authentication required to trigger the overflow
  • Affected version is 8.4.4 or earlier
remotely exploitable · no authentication required · low complexity · critical CVSS (9.8) · affects HMI/SCADA systems
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product: WebAccess Node
Affected Versions: ≤ 8.4.4
Fix Status: 8.4.4 with patch P0520844
Remediation & Mitigation
Do now
  • HOTFIX: Apply patch P0520844 to WebAccess Node Version 8.4.4 immediately
  • HARDENING: Restrict network access to WebAccess Node: place it behind a firewall and disable direct Internet exposure
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Isolate WebAccess Node from the business network using a DMZ or separate industrial network segment
Long-term hardening
  • HARDENING: If remote access is required, enforce VPN with current security patches and strong authentication