OTPulse

Advantech WebAccess

Act Now | CVSS 9.8 | ICS-CERT ICSA-21-245-03 | Sep 2, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A stack-based buffer overflow vulnerability (CWE-121) in Advantech WebAccess versions 9.02 and earlier allows remote code execution without authentication over the network. Successful exploitation grants an attacker arbitrary code execution on the WebAccess server, potentially allowing modification of HMI displays, process data, alarms, and operator interaction with critical systems.

What this means
What could happen
An attacker could execute arbitrary code on WebAccess servers, potentially gaining full control over HMI/SCADA visualization systems and the ability to modify setpoints, alter alarms, or disrupt operator visibility into critical processes.
Who's at risk
This affects any organization using Advantech WebAccess for HMI/SCADA visualization and monitoring, including water utilities, electric utilities, wastewater treatment plants, and other critical infrastructure operators who rely on WebAccess for real-time process visibility and control.
How it could be exploited
An attacker with network access to the WebAccess server sends a crafted request to the WebAccess service that triggers the stack-based buffer overflow (CWE-121). No authentication is required. If successful, the attacker runs code with the privileges of the WebAccess process.
Prerequisites
  • Network access to the WebAccess server on its service port
  • No authentication required
  • WebAccess version 9.02 or earlier
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), no patch available, affects control system visibility and potential control, stack-based buffer overflow
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (1)
Product: WebAccess
Affected Versions: ≤ 9.02
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to WebAccess servers: block inbound connections from untrusted networks, the business network, and the Internet. Allow connections only from authorized engineering workstations and operators on isolated control system networks.
  • HARDENING: Implement network segmentation: place WebAccess servers behind firewalls and isolate control system networks from the business network and the Internet.
  • WORKAROUND: If remote access to WebAccess is required, use a secure VPN with current security updates and network-based access controls (e.g., whitelisting operator IPs).
  • HARDENING: Monitor WebAccess servers for suspicious activity and unauthorized access attempts. Log and review all connections.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Contact Advantech for patch availability updates and test patches in a controlled environment before production deployment.