Tenable Research Advisory: Advantech WebAccess Remote Command Execution Still Exploitable

Ryan Seguin

Tenable Researcher Chris Lyne discovered that Advantech WebAccess versions 8.3, 8.3.1 and 8.3.2 are still vulnerable to remote command execution CVE-2017-16720, which was originally disclosed by ZDI in January 2018 and has a public exploit.

Background

Tenable Research’s Chris Lyne has discovered that Advantech WebAccess remains unprotected against a public exploit several months after a patch was released. Vulnerable WebAccess instances remain susceptible to an unauthenticated remote code execution (RCE) attack (CVE-2017-16720). WebAccess versions 8.3, 8.3.1 and 8.3.2 are affected.

On January 4, 2018, ICS-CERT released ICSA-18-004-02A to detail several vulnerabilities reported for Advantech WebAccess. One of the vulnerabilities, CVE-2017-16720, which was also disclosed by the Zero Day Initiative (ZDI), allows an unauthenticated remote attacker to execute arbitrary system commands.

The mitigation section of the ICS-CERT advisory states, “Advantech has released WebAccess Version 8.3 to address the reported vulnerabilities.” In March, two months after the release of the ICS-CERT advisory, a public exploit leveraging CVE-2017-16720 was published to the Exploit Database.

Vulnerability details

This vulnerability allows for remote command execution via the Remote Procedure Call (RPC) protocol over TCP port 4592. By utilizing malicious Distributed Computing Environment / Remote Procedure Calls (DCERPC), the webvrpcs.exe service will pass command line instructions to the host.

The webvrpcs.exe service runs with administrator access rights, which means an attacker can take control of an asset at that privilege level.

Exploitation

There is a publicly available Proof of Concept (PoC) for this vulnerability. Little additional research would be required for an attacker to utilize this PoC against any WebAccess target.

Since this vulnerability was not previously patched, and a public exploit has been available for quite some time, up-to-date assets running WebAccess could have been exploited.

Vendor response

ICS-CERT indicates Advantech has a fix that will be released in September. We will update this section as we get more information, and remediation information becomes available.

Identifying Affected Systems

Tenable has the following plugin available for identifying vulnerable assets.

Plugin ID

Description

117361

Advantech WebAccess/SCADA Network Service Detection

Learn more:

  • Visit the Tenable Techblog on Medium to read researcher Chris Lyne's in-depth story about his work uncovering this vulnerability.
  • Visit the Tenable Research Advisories page to stay up-to-date on security vulnerabilities in third-party software discovered by a dedicated team supported by researchers and engineers at Tenable.

Learn more about Tenable.io, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Sep 10, 2018

People also viewed

Channel Sales Engineer

Santiago Santiago Chile Santiago, Chile Sales Engineering Sales
Your Role:The Channel Sales Engineer will support and will be working with production, engineering, and research and development, as well as external sales firms to determine how Tenable products and services could be designed or modified to best ...

Engineering Manager - UI

Los Angeles California United States West Jefferson Boulevard, Playa Vista, Los Angeles, California, United States, 90066 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Engineering Manager - UI

San Jose California United States E Santa Clara St., San Jose, California, United States, 95113 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Engineering Manager - UI

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 20146 Cloud Platforms Research & Development
Your Role:Tenable is looking for an experienced UI Engineering manager, who would be responsible for leading a team of world class engineers.  This person would be expected to help grow and mentor experience engineers. Background in working with m...

Commercial Territory Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 20146 Sales Sales
Your Role:The Commercial Territory Manager will meet and exceed quarterly sales quota by developing new opportunities within specific geographical territory.  Researching and identifying potential accounts; outbound cold calling to soliciting new ...

Recruiter - UK

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Human Resources Human Resources
Your Role:Tenable is seeking a talented Recruiter who will source, screen and ultimately close exceptional sales, marketing and professional services talent. You’ll partner with Tenable’s Sales leadership to create and maintain a talent pipeline, ...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.