Advantech WebAccess/SCADA
Plan Patch · 8.8 · ICS-CERT ICSA-20-289-01 · Oct 15, 2020
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/SCADA versions 9.0 and earlier contain a vulnerability that allows an authenticated attacker to execute remote code as an administrator. The vulnerability is caused by insufficient input validation in application functionality.
What this means
What could happen
An attacker with valid engineering or operator credentials could run arbitrary commands on the SCADA server with administrator privileges, potentially modifying setpoints, stopping processes, or disrupting monitoring of critical infrastructure operations.
Who's at risk
Energy sector operators running Advantech WebAccess/SCADA systems for SCADA monitoring, data acquisition, and supervisory control should prioritize this update. This includes water utilities, electric utilities, and other critical infrastructure using WebAccess/SCADA for real-time process monitoring and control.
How it could be exploited
An attacker with valid credentials logs into WebAccess/SCADA and submits specially crafted input through the application interface. The application processes this input without proper validation, allowing the attacker to execute arbitrary code with administrator rights on the SCADA server.
Prerequisites
- Valid WebAccess/SCADA user credentials (engineering or operator account)
- Network access to the WebAccess/SCADA web interface or application
- Knowledge of the vulnerable input field or application functionality
- Requires valid authentication (reduces but does not eliminate risk)
- Remote code execution as administrator
- Medium CVSS score (8.8)
- No public exploit currently known
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/SCADA | ≤ 9.0 | 9.0.1 or later
Remediation & Mitigation
Do now
HARDENING: Restrict network access to WebAccess/SCADA to authorized engineering workstations only; block direct Internet access
WORKAROUND: For required remote access, implement and maintain secure VPN solutions with current patches
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Advantech WebAccess/SCADA to Version 9.0.1 or later
HARDENING: Review and enforce strong authentication policies for WebAccess/SCADA user accounts; disable unused accounts
Long-term hardening
HARDENING: Implement network segmentation: isolate the SCADA network behind a firewall and restrict access from the business network
CVEs (1)