Advantech WebAccess/SCADA Multiple Security Vulnerabilities – Jan 2019

Preface: Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, …

New vulnerabilities found in WebAccess/SCADA Version 8.3:
CVE-2019-6519 – An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
CVE-2019-6521 – Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
CVE-2019-6523 – The software does not properly sanitize its inputs for SQL commands.

Status: Vendor do not have patch release in the moment (see below url)

https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Recommendation: Enforce access control. Meanwhile install SIEM facility to enhance the preventive and detective control.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.