Advantech WebAccess/SCADA
Plan Patch
8.8
ICS-CERT ICSA-21-103-02
Apr 13, 2021
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/SCADA versions 9.0.1 and earlier contain a privilege escalation vulnerability (CWE-732) that allows an authenticated user to gain admin-level access to the system. Successful exploitation permits an attacker to fully control the SCADA system, including modification of process setpoints, alarms, and operational parameters. The vulnerability is remotely exploitable over the network and requires only valid user credentials (not necessarily admin credentials) to trigger.
What this means
What could happen
An authenticated attacker could gain admin-level control of WebAccess/SCADA, allowing them to modify process parameters, disable alarms, or disrupt normal plant operations including generation, distribution, or transmission control.
Who's at risk
Energy sector organizations running Advantech WebAccess/SCADA for generation, transmission, or distribution control. This affects any utility, industrial plant, or critical infrastructure facility using this SCADA software for real-time process monitoring and control.
How it could be exploited
An attacker with valid user credentials (standard or engineering account) could use the privilege escalation flaw to raise their access to admin level. Once elevated, they can issue any command or configuration change to the SCADA system that an administrator could make. The attack requires network access to the WebAccess/SCADA web interface and valid login credentials.
Prerequisites
- Network access to WebAccess/SCADA web interface (typically port 80 or 443)
- Valid user account credentials (non-admin account sufficient)
- Version 9.0.1 or earlier deployed
remotely exploitable; requires authentication but low barrier (standard user account); privilege escalation to admin; affects control system operations
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: WebAccess/SCADA
Affected Versions: ≤ 9.0.1
Fix Status: 9.0.3 or later
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to WebAccess/SCADA by IP whitelist or firewall rules; allow only authorized engineering workstations
- WORKAROUND: Disable or restrict remote access to WebAccess/SCADA unless absolutely required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update WebAccess/SCADA to Version 9.0.3 or later
Long-term hardening
- HARDENING: Implement VPN with multi-factor authentication for any required remote access
- HARDENING: Audit user accounts and ensure least-privilege access; remove unnecessary admin accounts
- HARDENING: Isolate SCADA network from business network with firewall segmentation
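A triage sketch for the steps above, added here as an example and not part of the advisory or any Advantech tooling: it classifies an inventory against the version ranges on this page and flags firewall allow-list entries that reach beyond the authorized engineering workstations. The host names, address ranges, inventory format and action labels are assumptions made for illustration.

```python
import ipaddress

AFFECTED_MAX = (9, 0, 1)  # page: "versions 9.0.1 and earlier"
FIXED_MIN = (9, 0, 3)     # page: "Version 9.0.3 or later"

def parse_version(text):
    """Dotted-numeric string -> int tuple padded to 3 parts, else None."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts) + (0,) * max(0, 3 - len(parts))

def patch_status(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v <= AFFECTED_MAX:
        return "affected"
    return "fixed" if v >= FIXED_MIN else "unlisted"  # 9.0.2 is in neither range

def excess_sources(allowed, workstations):
    """Allowed source networks not contained in any authorized workstation range."""
    ws = [ipaddress.ip_network(c, strict=False) for c in workstations]
    nets = [(c, ipaddress.ip_network(c, strict=False)) for c in allowed]
    return [c for c, n in nets
            if not any(n.version == w.version and n.subnet_of(w) for w in ws)]

def triage(inventory, workstations):
    """Host name -> (patch status, excess sources, next action)."""
    report = {}
    for host in inventory:
        status = patch_status(host["version"])
        extra = excess_sources(host["allowed_sources"], workstations)
        if status in ("unknown", "unlisted"):
            action = "verify-version"
        elif status == "affected":
            action = "restrict-now-and-patch" if extra else "schedule-patch"
        else:
            action = "tighten-acl" if extra else "ok"
        report[host["name"]] = (status, extra, action)
    return report

# Constructed sample data: host names, versions and address ranges are invented.
WORKSTATIONS = ["10.10.5.0/28"]
INVENTORY = [
    {"name": "scada-a", "version": "9.0.1", "allowed_sources": ["10.10.5.0/28"]},
    {"name": "scada-b", "version": "8.4.4", "allowed_sources": ["0.0.0.0/0"]},
    {"name": "scada-c", "version": "9.0.3", "allowed_sources": ["10.10.5.4", "10.20.0.0/16"]},
    {"name": "scada-d", "version": "9.0.2", "allowed_sources": ["10.10.5.4"]},
]
```

Calling `triage(INVENTORY, WORKSTATIONS)` returns one row per host. A version the page lists as neither affected nor fixed, such as 9.0.2, comes back as `verify-version` instead of being assumed safe.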
CVEs (1)