MesaLabs AmegaView

Act Now10ICS-CERT ICSA-21-147-03May 27, 2021

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

AmegaView versions 3.0 and earlier contain multiple vulnerabilities (CWE-77 command injection, CWE-287/288 authentication issues, CWE-269 improper privilege management) that could allow remote code execution or unauthorized device access. CVSS score 10.0 (critical). MesaLabs has discontinued AmegaView and will not release patches; users should migrate to ViewPoint software.

What this means

What could happen

An unauthenticated attacker on the network could remotely execute arbitrary commands on the device, allowing them to alter SCADA settings, stop operations, or compromise the entire control system.

Who's at risk

Water utilities, electric utilities, and industrial facilities using AmegaView as a SCADA human-machine interface (HMI) or data acquisition system. Any operator running AmegaView version 3.0 or earlier for process monitoring or setpoint control.

How it could be exploited

An attacker with network access to the device (port 80/443 or application service port) could send a crafted request exploiting command injection or authentication bypass flaws to execute code with system privileges, bypassing authentication controls.

Prerequisites

Network access to AmegaView application (typically port 80, 443, or vendor-specific port)
No valid credentials required

remotely exploitableno authentication requiredlow complexitycritical CVSS (10.0)no patch availableend-of-life product

Exploitability

Moderate exploit probability (EPSS 1.5%)

Affected products (1)

ProductAffected VersionsFix Status

AmegaView:≤ 3.0No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HOTFIXUpgrade to MesaLabs ViewPoint software (compatible with existing AmegaView hardware)

WORKAROUNDRestrict network access to AmegaView application to authorized engineering workstations only using host-based or network firewall rules

HARDENINGEnsure AmegaView is not accessible from the Internet or business network; place behind firewall and on isolated control system network

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to AmegaView is required, implement VPN with current security patches; ensure VPN credentials are strong and unique

Mitigations - no patch available

0/1

AmegaView: has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGConduct network segmentation to isolate control system networks from business systems

CVEs (5)

CVE-2021-27447 CVE-2021-27451 CVE-2021-27453 CVE-2021-27449 CVE-2021-27445

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bebd42ab-6ecd-4109-bdbb-e1628ca8f208