Advantech WebAccess/SCADA

Risk Summary

Successful exploitation of this vulnerability could allow an attacker full control over the SCADA (supervisory control and data acquisition) server.

CVEs (1)

Remediations

• Advantech recommends users locate and delete the �WADashboardSetup.msi� file to avoid this issue.
• If users wish to remedy this problem in version 8.4.5, they can uninstall "WebAccess Dashboard" from the control panel. Delete the following files:
• \Inetpub\wwwroot\broadweb\WADashboard
• \WebAccess\Node\WADashboardSetup.msi
• Advantech released a new version V9.1.4 to address the problem by not including these files.
• CISA also recommends users take the following measures to protect themselves from social engineering attacks:
• Do not click web links or open attachments in unsolicited email messages.
• Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
• Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

Affected Vendors

Affected Products (1)

Affected Sectors

Critical Manufacturing, Energy, Water and Wastewater Systems