OTPulse
FeedAboutContact

Advantech WebAccess

Act Now9.8ICS-CERT ICSA-21-285-02Oct 12, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Advantech WebAccess version 9.02 and earlier contains a heap-based buffer overflow vulnerability (CWE-122, CWE-121) in the OPC Server interface. An attacker can send a specially crafted request to cause memory corruption and achieve remote code execution without authentication. The vendor has not released a patched version. Advantech recommends implementing the remote access code (authentication passphrase) as a compensating control to prevent unauthorized OPC access, and reinstalling the software to enforce the same credentials across SCADA nodes.

What this means
What could happen
An attacker with network access to the WebAccess interface could execute arbitrary code on your SCADA server, potentially allowing them to alter process setpoints, halt operations, or manipulate historical data across your monitored systems.
Who's at risk
This affects water utilities, electric utilities, and other operators running Advantech WebAccess for SCADA monitoring. Any organization using WebAccess version 9.02 or earlier to monitor PLCs, RTUs, or other field devices should treat this as critical, as the application is the central command and monitoring point for your plant.
How it could be exploited
An attacker sends a crafted network request containing oversized data to the WebAccess application. The heap-based buffer overflow causes memory corruption that allows execution of the attacker's code on the OPC Server running WebAccess. No authentication is required.
Prerequisites
  • Network access to the WebAccess application port (typically port 80 or 8080)
  • WebAccess version 9.02 or earlier must be installed
Remotely exploitableNo authentication requiredLow complexityHeap-based buffer overflowNo patch availableSCADA/OPC server vulnerability
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
ProductAffected VersionsFix Status
WebAccess:≤ 9.02No fix (EOL)
Remediation & Mitigation
0/3
Do now
0/2
WORKAROUNDConfigure and enforce the remote access code (security passphrase) in WebAccess to require authentication for OPC Server access. Re-install WebAccess software on the OPC Server and update matching credentials in your SCADA project database.
HARDENINGImplement network segmentation using firewall rules to restrict access to the WebAccess port to only authorized engineering workstations and control system networks. Block any unnecessary inbound connections.
Mitigations - no patch available
0/1
WebAccess: has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGMonitor network traffic to and from the WebAccess server for unexpected connection attempts or oversized requests.
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/30f9b1d5-d39e-4a24-b9ce-b20f59a6cdb8
Advantech WebAccess | CVSS 9.8 - OTPulse