OTPulse

Advantech WebAccess/SCADA

Monitor | CVSS 6.4 | ICS-CERT ICSA-24-081-01 | Mar 21, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

WebAccess/SCADA versions 9.1.5U and earlier contain a SQL injection vulnerability in database query handling that allows authenticated users to read or modify the remote database. An attacker with valid credentials could bypass application controls to access or alter operational data, configuration settings, and records without a proper audit trail.

What this means
What could happen
An attacker with valid login credentials could read or modify the SCADA database, potentially allowing them to change process data, operational records, or system configuration without authorization.
Who's at risk
Electric utilities and energy facilities running Advantech WebAccess/SCADA for process monitoring and control. This affects SCADA servers and human-machine interfaces (HMIs) used to monitor and manage generators, distribution systems, and operational databases. Energy sector operators managing critical infrastructure should prioritize this.
How it could be exploited
An attacker with valid credentials to WebAccess/SCADA logs in and crafts SQL injection payloads in database queries through the web interface. This allows direct read or modification of the underlying database without detection, bypassing normal application controls.
Prerequisites
  • Valid WebAccess/SCADA user credentials (engineering or operator account)
  • Network access to the WebAccess/SCADA web interface (typically port 80/443)
  • Running WebAccess/SCADA version 9.1.5U or earlier
  • Requires valid credentials to exploit
  • SQL injection vulnerability
  • Affects database integrity and confidentiality
  • Patch available but requires maintenance window
  • Medium CVSS score
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
WebAccess/SCADA: 9.1.5U | 9.1.5U | 9.1.6 or higher
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to WebAccess/SCADA to authorized engineering workstations and control center IPs using firewall rules; block all internet-facing access
HARDENING: Enforce strong, unique passwords for all WebAccess/SCADA user accounts; implement account lockout policies
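Added example, not part of the advisory: one way to check an exported list of firewall allow rules against the network-access workaround above. The server address, authorized networks, rule names and the rule tuple layout are constructed assumptions; only ports 80/443 come from the advisory.

```python
import ipaddress

# Constructed values for illustration; replace with the site's own addressing.
SCADA_SERVER = ipaddress.ip_address("10.20.0.10")
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.1.0/28", "10.20.2.5/32")]
WEB_PORTS = {80, 443}  # web interface ports named in the advisory prerequisites

# Constructed sample of inbound ALLOW rules:
# (name, source CIDR, destination CIDR, (first port, last port))
RULES = [
    ("eng-ws-https", "10.20.1.0/28", "10.20.0.10/32", (443, 443)),
    ("legacy-any-http", "0.0.0.0/0", "10.20.0.0/24", (80, 80)),
    ("corp-lan-web", "10.0.0.0/8", "10.20.0.10/32", (1, 1024)),
    ("historian-sql", "10.20.3.0/24", "10.20.0.10/32", (1433, 1433)),
    ("cc-hmi-http", "10.20.2.5/32", "10.20.0.10/32", (80, 80)),
]

def exposes_web_interface(rule):
    """True if an allow rule lets a source outside AUTHORIZED reach the web ports."""
    _name, src, dst, (lo, hi) = rule
    # Rule is irrelevant unless its destination range covers the SCADA server.
    if SCADA_SERVER not in ipaddress.ip_network(dst):
        return False
    # Rule is irrelevant unless its port range covers 80 or 443.
    if not any(lo <= port <= hi for port in WEB_PORTS):
        return False
    src_net = ipaddress.ip_network(src)
    # Conservative check: the whole source range must sit inside a single
    # authorized network, otherwise the rule is reported.
    return not any(src_net.subnet_of(allowed) for allowed in AUTHORIZED)

def audit(rules):
    """Return the names of rules that violate the workaround."""
    return [rule[0] for rule in rules if exposes_web_interface(rule)]

if __name__ == "__main__":
    for name in audit(RULES):
        print("violates workaround:", name)
```

Rules wider than the authorized networks are flagged even when they also cover legitimate sources, so each hit should be narrowed rather than simply deleted.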
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update WebAccess/SCADA to version 9.1.6 or higher
Long-term hardening
HARDENING: Isolate WebAccess/SCADA network from the business network; require VPN with multi-factor authentication for any remote access