Millions of SCADA devices affected by Advantech vulnerabilities

Cybersecurity specialists revealed a report on multiple security vulnerabilities in Avantech affecting millions of SCADA devices. Successful exploiting of these failures would allow a threat actor to execute remote code, upload files, delete files, generate denial-of-service conditions, and create an administrator account for the application.

Below is a brief overview of each of the vulnerabilities found during the investigation, alongside their CVSS key.

CVE-2020-10621: Unrestricted file upload with dangerous type cwe-434. There are multiple problems that allow you to upload and run files on the system. The vulnerability has received a score of 9.8/10 on the Common Vulnerability Scoring System (CVSS) scale.

CVE-2020-106173: Incorrect neutralization of special items used in an SQL command (SQL INJECTION). There are multiple ways an unauthenticated hacker could perform a SQL injection to access sensitive information. This failure received a score of 7.5/10 on CVSS.

CVE-2020-10623: Incorrect neutralization of special items used in a SQL command (SQL INJECTION). Multiple vulnerabilities could allow a low-privileged hacker to perform a SQL injection and gain access to sensitive information. The fault received a score of 6.5/10.

CVE-2020-10625: Lack of CWE-306 critical function authentication. The application allows an unauthenticated remote user to create a new administrator account. This vulnerability received a score of 7.5/10.

CVE-2020-10629: Incorrect constraint of XML external entity reference CWE-611. The application does not disinfect the XML input; Specially designed XML input could allow a threat actor to read sensitive files. The fault received a score of 7.5/10 on CVSS.

CVE-2020-10603: Incorrect neutralization of special items used in an operating system command (system command injection). The application does not properly disinfect user input and can allow an attacker to inject system commands remotely. The fault received a score of 8.8/10 on the CVSS scale.

To mitigate the risk of exploitation, cybersecurity specialists recommend:

  • Minimize network exposure for all devices or systems in the control system to ensure that they are not accessible from the Internet
  • Identify the control system networks and remote devices behind firewalls and isolate them from the enterprise network

In addition, specialists recommend that organizations perform an in-depth impact analysis and appropriate risk assessment before implementing defensive measures.