Advantech WebAccess/SCADA
Act Now | CVSS 9.8 | ICS-CERT ICSA-23-166-02 | Jun 15, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
WebAccess/SCADA versions prior to 9.1.4 contain an improper input handling vulnerability that allows a remote attacker to execute arbitrary commands and access the file system on affected servers without authentication or user interaction. Successful exploitation could result in complete compromise of the SCADA system, enabling attackers to read, modify, or delete critical system and process data, alter control logic, or disrupt operations.
What this means
What could happen
An attacker with network access to your WebAccess/SCADA system could gain complete control of the remote file system and execute arbitrary commands on the server, potentially altering SCADA logic, reading sensitive process data, or disrupting grid/plant operations.
Who's at risk
Energy sector operators using Advantech WebAccess/SCADA for central monitoring and control of generation, transmission, or distribution systems should prioritize this update. Any facility running WebAccess versions prior to 9.1.4 is at risk.
How it could be exploited
An attacker on a network path to your WebAccess/SCADA server (port 80/443 or configured service port) sends a specially crafted request that exploits an improper input handling flaw, allowing unauthenticated remote command execution directly on the server without any user interaction.
Prerequisites
- Network reachability to WebAccess/SCADA service port (default 80/443)
- No authentication required
- No user interaction needed
- WebAccess/SCADA version 9.1.3 or earlier
Tags: remotely exploitable, no authentication required, low complexity, high CVSS score (9.8), critical severity, affects SCADA/process control
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/SCADA: < 9.1.4 | < 9.1.4 | 9.1.4
Remediation & Mitigation
Do now
HARDENING: Restrict network access to WebAccess/SCADA server; place behind firewall, allow only authorized IPs/VLANs
WORKAROUND: If remote access is required, use VPN with strong authentication and keep VPN software fully patched
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update WebAccess/SCADA to version 9.1.4 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate SCADA network from corporate network and Internet
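A triage check for the prerequisites and remediation steps above, as an added example (not part of the advisory or any Advantech tooling). The inventory records, field names, host names, version strings and network ranges are constructed assumptions; only the 9.1.4 fix version comes from this page.

```python
import ipaddress
import re

FIXED = (9, 1, 4)  # first fixed WebAccess/SCADA release per this advisory

def parse_version(text):
    """Numeric tuple for strings like '9.1.3' or 'v9.1.10 build 7'; None if unparseable."""
    m = re.search(r"(\d+(?:\.\d+)+)", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '9.1' to (9, 1, 0)

def exposed_sources(allowed_sources, authorized_nets):
    """Firewall source ranges that are not contained in any authorized network."""
    auth = [ipaddress.ip_network(n) for n in authorized_nets]
    out = []
    for src in allowed_sources:
        net = ipaddress.ip_network(src)
        if not any(net.version == a.version and net.subnet_of(a) for a in auth):
            out.append(src)
    return out

def triage(inventory, authorized_nets):
    """Map each host name to 'act-now', 'patch', 'verify' or 'ok'."""
    result = {}
    for host in inventory:
        ver = parse_version(host.get("version"))
        if ver is None:
            result[host["name"]] = "verify"   # unknown version is unconfirmed, not safe
        elif ver >= FIXED:                    # numeric compare: 9.1.10 is newer than 9.1.4
            result[host["name"]] = "ok"
        elif exposed_sources(host["allowed_sources"], authorized_nets):
            result[host["name"]] = "act-now"  # vulnerable and reachable beyond authorized nets
        else:
            result[host["name"]] = "patch"    # vulnerable, access already restricted
    return result

# Constructed sample data (hypothetical hosts, versions and address ranges).
AUTHORIZED = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "scada-a", "version": "9.1.3", "allowed_sources": ["0.0.0.0/0"]},
    {"name": "scada-b", "version": "8.4.5", "allowed_sources": ["10.20.0.16/28"]},
    {"name": "scada-c", "version": "v9.1.10 build 7", "allowed_sources": ["0.0.0.0/0"]},
    {"name": "scada-d", "version": "unknown", "allowed_sources": ["10.20.0.0/24"]},
]

if __name__ == "__main__":
    for name, status in triage(INVENTORY, AUTHORIZED).items():
        print(f"{name}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank "9.1.10" below "9.1.4" and wrongly flag a patched host.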
CVEs (1)