Advantech WebAccess/SCADA Multiple Security Vulnerabilities – Jan 2019

Preface: Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, …

New vulnerabilities found in WebAccess/SCADA Version 8.3:
CVE-2019-6519 – An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
CVE-2019-6521 – Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
CVE-2019-6523 – The software does not properly sanitize its inputs for SQL commands.

Status: Vendor do not have patch release in the moment (see below url)

Recommendation: Enforce access control. Meanwhile install SIEM facility to enhance the preventive and detective control.