ICSA-20-128-01 · Published 2020-05-07 · View on CISA ICS-CERT ↗

Advantech WebAccess Node

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities may allow information disclosure, remote code execution, and compromise system availability.

CVE-2020-12022 CVE-2020-12010 CVE-2020-12006 CVE-2020-12026 CVE-2020-12014 CVE-2020-12002 CVE-2020-10638 CVE-2020-12018

Advantech has released WebAccessNode Version 8.4.4.P0320844 to address the reported vulnerabilities for users currently using WebAccessNode Version 8.4.4
Advantech has released WebAccessNode Version 9.0.0.P0320900 to address the reported vulnerabilities for users currently using WebAccessNode Version 9.0.0
Note: Upon installation, there is a step to let the user decide whether to define a password code for RPC calls. If the user leaves this blank, the installation will pop up a warning to the user for potential risks that they are willing to take.

Advantech

Advantech · WebAccess Node 9.0.0

Advantech · WebAccess Node <= 8.4.4

Critical Manufacturing, Energy, Water and Wastewater Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.