CISA Issues Advisory on WebAccess/SCADA Vulnerability: SQL Injection Threatens Industrial Control Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has recently released an essential advisory on Industrial Control Systems (ICS). The CISA One Industrial Control Systems Advisory, marked by CVSS v4 7.1, highlights concerns regarding the WebAccess/SCADA system, manufactured by Advantech.

The identified vulnerability pertains to SQL Injection, a popular cyberattack attack technique that exploits vulnerabilities in databases by injecting malicious SQL code.

Through SQL Injection, attackers manipulate input fields or parameters to execute unauthorized SQL commands, potentially gaining access to sensitive data, modifying records, or taking control of the database server.

The One Industrial Control Systems Advisory serves as crucial updates on prevailing security issues, vulnerabilities, and potential exploits affecting ICS systems, offering timely insights for concerned parties and stakeholders. 

Decoding CISA’s One Industrial Control Systems Advisory

The identified WebAccess/SCADA vulnerability, if successfully exploited, could grant an authenticated attacker the ability to read or modify a remote database, posing substantial risks to system integrity and data confidentiality.

The affected product, Advantech’s WebAccess/SCADA, particularly version 9.1.5U, is a browser-based SCADA software widely utilized in critical infrastructure sectors such as manufacturing, energy, and water management systems. The vulnerability stems from CWE-89, involving improper neutralization of special elements used in an SQL command, commonly known as SQL Injection.

This flaw enables malicious actors to manipulate SQL commands through user-controllable inputs, potentially bypassing security measures or executing unauthorized commands on the backend database, posing a severe threat to system security.

The affected product is deployed extensively across various regions, including East Asia, Europe, and the United States, with its headquarters situated in Taiwan. CISA’s discovery of a public Proof of Concept (PoC), authored by Prześlij Komentarz, highlights the urgency of addressing this vulnerability promptly.

Background and Researcher Insights

In response to the identified WebAccess/SCADA vulnerability, Advantech recommends updating WebAccess/SCADA to version 9.1.6 or higher, emphasizing the criticality of applying patches promptly to mitigate potential risks. 

CISA emphasizes the importance of implementing defensive measures to minimize the risk of exploitation in industrial control systems. These measures include restricting network exposure for control devices, ensuring they are not accessible from the internet, as well as employing robust network segmentation through firewalls to isolate control system networks from other business networks. 

Additionally, CISA recommends utilizing secure remote access methods such as Virtual Private Networks (VPNs) and keeping VPN software updated regularly. Before implementing defensive measures, CISA highlights the necessity of conducting comprehensive impact analyses and risk assessments to ensure their effectiveness. 

Furthermore, CISA provides additional resources and best practices on its website, including technical papers and guidance documents, aimed at fortifying industrial control system assets against cyber threats. Organizations encountering suspicious activities or potential cybersecurity incidents are encouraged to report them to CISA, fostering collaboration and a collective response to online threats.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.