ICSA-21-217-04 · Published 2021-08-05 · View on CISA ICS-CERT ↗

Advantech WebAccess SCADA

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to hijack a user 's cookie/session tokens, gain unauthorized access to files and directories, and execute arbitrary code.

CVEs (3)

CVE-2021-22676 CVE-2021-22674 CVE-2021-32943

Remediations

Advantech recommends users running version 8 of the software to update to Version 8.4.5
Advantech recommends users running version 9 of the software to update to Version 9.0.1

Affected Vendors

Advantech

Affected Products (2)

Advantech · WebAccess/SCADA < 9.0.1

Advantech · WebAccess/SCADA < 8.4.5

Affected Sectors

Critical Manufacturing, Energy, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more