Advantech WebAccess/SCADA Multiple Security Vulnerabilities

Bugtraq ID:	106722
Class:	Unknown
CVE:	CVE-2019-6519 CVE-2019-6521 CVE-2019-6523
Remote:	Yes
Local:	No
Published:	Jan 24 2019 12:00AM
Updated:	Jan 24 2019 12:00AM
Credit:	Devesh Logendran from Attila Cybertech Pte. Ltd.
Vulnerable:	Advantech WebAccess/SCADA 8.3.4 Advantech WebAccess/SCADA 8.3.2 Advantech WebAccess/SCADA 8.3
Not Vulnerable:	Advantech WebAccess/SCADA 8.3.5

Advantech WebAccess/SCADA Multiple Security Vulnerabilities

Advantech WebAccess/SCADA is prone to the following vulnerabilities:

1. Multiple authentication-bypass vulnerabilities
2. An SQL-injection vulnerability

An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Advantech WebAccess/SCADA version 8.3 is vulnerable.

Advantech WebAccess/SCADA Multiple Security Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Advantech WebAccess/SCADA Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Advantech WebAccess/SCADA Multiple Security Vulnerabilities

References:

• Advantech Home Page (Advantech)
  
• Advantech WebAccess/SCADA Product Page (Advantech)
  
• Advisory (ICSA-19-024-01) (ICS-CERT)