Advantech WebAccess/SCADA
Plan Patch | 7.2 | ICS-CERT ICSA-23-152-01 | Jun 1, 2023
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Advantech WebAccess/SCADA versions 9.1.3 and earlier contain vulnerabilities (CWE-94: Improper Control of Generation of Code, CWE-434: Unrestricted Upload of File with Dangerous Type) that allow an attacker to arbitrarily overwrite files, resulting in remote code execution on the SCADA server.
What this means
What could happen
An attacker with elevated privileges could overwrite files on the WebAccess/SCADA server and execute arbitrary code, potentially allowing them to alter setpoints, disable alarms, halt operations, or manipulate historical data in energy control systems.
Who's at risk
Energy sector organizations using Advantech WebAccess/SCADA for SCADA operations, remote terminal units (RTUs), or supervisory servers should prioritize this update. This affects any facility using this platform for generation, transmission, or distribution control.
How it could be exploited
An attacker with high-level privileges (such as engineering or administrative credentials) could upload or manipulate files through WebAccess/SCADA's file handling mechanisms to overwrite system or application files, then execute arbitrary code to compromise the SCADA system and the underlying energy infrastructure it controls.
Prerequisites
- High-privilege credentials (engineering or administrative account) for WebAccess/SCADA
- Network access to the WebAccess/SCADA server
- Ability to interact with file upload or file manipulation features in the application
Requires high-privilege credentials | File upload/manipulation vulnerability | Could lead to remote code execution on critical control system | Affects energy infrastructure
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/SCADA: <= 9.1.3 | ≤ 9.1.3 | 9.1.4
Remediation & Mitigation
Do now
HARDENING: Restrict network access to WebAccess/SCADA servers—do not expose them to the Internet and locate them behind firewalls isolated from business networks
HARDENING: Implement strong access controls and limit high-privilege account usage to authorized personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade WebAccess/SCADA to version 9.1.4 or later
Long-term hardening
HARDENING: If remote access is required, use secure VPNs and keep VPN software updated to the latest version