OTPulse
FeedAboutContact

Advantech WebAccess

Monitor6.5ICS-CERT ICSA-23-285-15Oct 12, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

Advantech WebAccess contains a credential disclosure vulnerability (CWE-1295) that could allow an attacker to leak user login credentials. Successful exploitation requires the user to click a malicious link or visit an attacker-controlled webpage. The vulnerability affects WebAccess version 9.1.3.

What this means
What could happen
An attacker could steal user credentials for WebAccess accounts, potentially gaining unauthorized access to critical water or electric utility control system interfaces and the ability to make configuration changes or view sensitive operational data.
Who's at risk
Water utilities, electric utilities, and other operators relying on Advantech WebAccess for supervisory control and monitoring of pumps, treatment systems, substations, and other critical infrastructure. Any organization using WebAccess 9.1.3 for administrative access to SCADA or HMI functions is affected.
How it could be exploited
An attacker could craft a malicious link or webpage that, when clicked by a WebAccess user, captures their login credentials through a browser-based attack. The stolen credentials could then be used to log into WebAccess directly to access control system configuration and monitoring functions.
Prerequisites
  • Network access to WebAccess server (port 80/443)
  • User interaction required - victim must click a malicious link or visit an attacker-controlled site
remotely exploitableuser interaction requiredlow attack complexityaffects control system accessmedium CVSS score
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
Advantech WebAccess: 9.1.39.1.39.1.4
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to WebAccess to trusted administrative networks only; block external access from the internet
HARDENINGPlace WebAccess behind a firewall and isolate from business network if not required for integration
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Advantech WebAccess to version 9.1.4 or later
HARDENINGRequire VPN access for any remote administrative connections to WebAccess; ensure VPN is kept updated
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1c19b03a-1b86-49b4-a827-dae5ddff5cc6