Advantech WebAccess/NMS
Monitor | 5.3 | ICS-CERT ICSA-21-229-02 | Aug 17, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/NMS versions prior to 3.0.3_Build6299 contain an authentication bypass vulnerability (CWE-287) that allows remote, unauthenticated attackers to access sensitive resources and functionality, leading to information disclosure such as configuration data, system details, or operational parameters.
What this means
What could happen
An attacker with network access to WebAccess/NMS could read sensitive configuration data or system information without needing to log in, potentially revealing details about monitored infrastructure, device credentials, or operational parameters.
Who's at risk
Organizations running Advantech WebAccess/NMS for network and system monitoring should care about this. This includes water utilities, electric utilities, and industrial facilities that use this management platform to monitor multiple devices and control systems.
How it could be exploited
An attacker on the network where WebAccess/NMS is deployed could send unauthenticated requests to the application to access sensitive information or functionality that should require login credentials. No user interaction is required.
Prerequisites
- Network access to the WebAccess/NMS server and its listening ports
- WebAccess/NMS version earlier than 3.0.3_Build6299 must be running
Remotely exploitable | No authentication required | Low complexity | Sensitive information disclosure
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/NMS | < 3.0.3 Build6299 | 3.0.3_Build6299 or later
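One way to triage an asset inventory against the fixed build listed above. This is an added example, not code from the advisory or from Advantech; the accepted version-string spellings, the hostnames and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed release named in the advisory: 3.0.3_Build6299
FIXED_VERSION = (3, 0, 3)
FIXED_BUILD = 6299

# Assumed spellings: "3.0.3_Build6299", "3.0.3 Build6299", "v3.0.2", "3.0.3-build 6300"
_VERSION_RE = re.compile(
    r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[\s_\-]*build[\s_\-]*(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Return ((major, minor, patch), build_or_None), or None if unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1, 2, 3))
    build = int(m.group(4)) if m.group(4) is not None else None
    return version, build

def classify(text):
    """Classify a reported version string as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, build = parsed
    if version != FIXED_VERSION:
        return "affected" if version < FIXED_VERSION else "fixed"
    if build is None:
        return "unknown"  # 3.0.3 without a build number cannot be decided
    return "affected" if build < FIXED_BUILD else "fixed"

def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up)
SAMPLE_INVENTORY = {
    "nms-plant-a": "3.0.3_Build6299",
    "nms-plant-b": "3.0.3 Build6120",
    "nms-lab": "3.0.3",
    "nms-legacy": "v2.0.4",
    "nms-new": "3.1.0_Build7001",
    "nms-odd": "unknown (agent offline)",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:26} {status}")
```

Hosts reported as "unknown" need a manual check of the installed build before they can be treated as patched.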
Remediation & Mitigation
Do now
- HARDENING: Ensure WebAccess/NMS is not directly accessible from the Internet; place it behind a firewall or in a restricted network segment
- HARDENING: Restrict network access to WebAccess/NMS to only authorized engineering workstations and management devices using firewall rules or network segmentation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Advantech WebAccess/NMS to version 3.0.3_Build6299 or later
- HARDENING: If remote access to WebAccess/NMS is required, use a VPN with current security patches and multi-factor authentication
CVEs (1)