What is CVE-2021-33023?

CVE-2021-33023 refers to a vulnerability in Advantech WebAccess versions 9.02 and prior that allows for a remote code execution via a heap-based buffer overflow.

How severe is CVE-2021-33023?

CVE-2021-33023 is considered a critical vulnerability with a severity rating of 9.8 out of 10.

How does CVE-2021-33023 impact Advantech WebAccess versions 9.02 and prior?

The vulnerability in CVE-2021-33023 allows an attacker to remotely execute code on affected versions of Advantech WebAccess.

What software versions are affected by CVE-2021-33023?

Advantech WebAccess versions 9.02 and prior are affected by CVE-2021-33023.

Is there a fix available for CVE-2021-33023?

At the time of this writing, there is no specific fix available for CVE-2021-33023. It is recommended to follow the guidance provided by Advantech to mitigate the vulnerability.

Vulnerability/
CVE-2021-33023

critical

9.8

CWE

787 122 119

18/10/2021

17/9/2024

CVE-2021-33023: Advantech WebAccess

First published: Mon Oct 18 2021(Updated: )

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Advantech WebAccess	<=9.0.2
Advantech WebAccess versions 9.02 and prior

Remedy

In order to address the heap-based buffer overflow vulnerability, Advantech recommends users directly add the remote access code to avoid being attacked by unknown requests. This is the remote access code established during installation of the Advantech WebAccess SCADA software (SCADA node, project node, or OPC Service) on the OPC Server computer. The access code you enter here must match the remote access code established during installation on the OPC Server. This prevents unauthorized users from accessing the OPC Server data using the Advantech WebAccess SCADA OPC Service. If you have forgotten the remote access code using during software installation on the OPC Server node, you have two options: Re-install the Advantech WebAccess SCADA software on the OPC Server node to change it and edit it to match in your database. Edit the BWSERVER.INI file on the OPC Server node and edit it to match in your database using UPDATE.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-285-02

Frequently Asked Questions

What is CVE-2021-33023?
CVE-2021-33023 refers to a vulnerability in Advantech WebAccess versions 9.02 and prior that allows for a remote code execution via a heap-based buffer overflow.
How severe is CVE-2021-33023?
CVE-2021-33023 is considered a critical vulnerability with a severity rating of 9.8 out of 10.
How does CVE-2021-33023 impact Advantech WebAccess versions 9.02 and prior?
The vulnerability in CVE-2021-33023 allows an attacker to remotely execute code on affected versions of Advantech WebAccess.
What software versions are affected by CVE-2021-33023?
Advantech WebAccess versions 9.02 and prior are affected by CVE-2021-33023.
Is there a fix available for CVE-2021-33023?
At the time of this writing, there is no specific fix available for CVE-2021-33023. It is recommended to follow the guidance provided by Advantech to mitigate the vulnerability.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/remedy
agent/title
agent/first-publish-date
agent/description
agent/references
agent/severity
agent/softwarecombine
agent/event
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/advantech
canonical/advantech webaccess
version/advantech webaccess/9.0.2
canonical/advantech webaccess versions 9.02 and prior