OTPulse
FeedAboutContact

Advantech WebAccess Node

Plan Patch7.8ICS-CERT ICSA-20-261-01Sep 17, 2020
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

Advantech WebAccess Node versions prior to 9.0.1 contain a privilege escalation vulnerability (CWE-732) that allows a local user to escalate to administrative privileges. The vulnerability requires local access to the system and cannot be exploited remotely. Successful exploitation could grant an attacker administrative control to modify SCADA monitoring data, alter control logic, or disable system functions.

What this means
What could happen
An attacker with local access to a WebAccess Node system could escalate their privileges to gain administrative control of the device, potentially allowing them to modify SCADA data, alter control logic, or disable monitoring and reporting functions.
Who's at risk
Water utilities and electric utilities running Advantech WebAccess Node for SCADA monitoring and data collection should evaluate this risk. WebAccess Node is commonly used for remote terminal unit (RTU) communication, historian functions, and operator interfaces in water treatment and distribution, power generation, and transmission systems.
How it could be exploited
An attacker with a local user account on the WebAccess Node system could exploit a privilege escalation vulnerability to gain administrative access. This requires the attacker to already have a local account on the system; exploitation cannot be performed remotely.
Prerequisites
  • Local user account on the WebAccess Node system
  • Local command execution capability
Local access required for exploitationPrivilege escalation to administrative levelAffects supervisory control and SCADA data integrity
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
WebAccess Node: All< 9.0.19.0.1
Remediation & Mitigation
0/2
Do now
0/1
HARDENINGRestrict local system access through principle of least privilege—limit local user accounts to only those necessary for operations and ensure users have minimum required permissions
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade WebAccess Node to version 9.0.1 or later
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/7c16cdb0-5dd0-4626-ae23-450361cb0f0e
Advantech WebAccess Node | CVSS 7.8 - OTPulse