CVE-2020-13550

7.7 HIGH

📋 TL;DR

A local file inclusion vulnerability in Advantech WebAccess/SCADA 9.0.1 allows authenticated attackers to read arbitrary files on the system. This affects organizations using Advantech's industrial control system software for SCADA operations. The vulnerability requires authentication but can lead to sensitive information disclosure.

💻 Affected Systems

Products:
  • Advantech WebAccess/SCADA
Versions: 9.0.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the installation functionality. Requires WebAccess/SCADA to be installed and running.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive configuration files, credentials, or proprietary data, potentially enabling further attacks on industrial control systems.

🟠 Likely Case

Information disclosure of system files, configuration data, or application files that could aid in reconnaissance for additional attacks.

🟢 If Mitigated

Limited impact with proper network segmentation, authentication controls, and file system permissions restricting access to sensitive files.

🌐 Internet-Facing: MEDIUM - While authentication is required, exposed WebAccess instances could be targeted by attackers who obtain or brute-force credentials.
🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit this to gather sensitive information for lateral movement or further attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated HTTP requests. Proof of concept details are publicly available in the Talos Intelligence report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.0.2 or later

Vendor Advisory: https://www.advantech.com/support/details/firmware?id=1-2S6VLB

Restart Required: Yes

Instructions:

1. Download the latest version from Advantech's support portal.
2. Backup current configuration.
3. Install the update following vendor instructions.
4. Restart the WebAccess/SCADA service.

🔧 Temporary Workarounds

Restrict network access

all

Limit access to WebAccess/SCADA to only trusted networks and users

Configure firewall rules to restrict access to WebAccess ports (typically 80/443)

Strengthen authentication

all

Implement strong password policies and multi-factor authentication

Enforce complex passwords, account lockout policies, and consider MFA integration

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate WebAccess/SCADA systems from untrusted networks
  • Apply principle of least privilege to file system permissions and restrict access to sensitive directories

🔍 How to Verify

Check if Vulnerable:

Check WebAccess/SCADA version in the application interface or installation directory. Version 9.0.1 is vulnerable.

Check Version:

Check Help > About in WebAccess client or examine installation directory properties

Verify Fix Applied:

Verify version is 9.0.2 or later after patching. Test file inclusion attempts should fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in WebAccess logs
  • Multiple failed authentication attempts followed by successful login and file requests

Network Indicators:

  • HTTP requests with file path traversal patterns to WebAccess installation endpoints

SIEM Query:

source="webaccess" AND (url="*../*" OR url="*..\\*" OR url="*install*" AND status=200)
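
Where no SIEM is available, the network indicator above can be checked directly against web server logs. The following is an added example, not code from this page, Talos or Advantech. The space-separated log layout, the `/example/install/page.asp` path and the `name` parameter are assumptions for illustration, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

TRAVERSAL = re.compile(r"\.\.[\\/]")  # "../" or "..\" after decoding

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def parse_line(line):
    """Assumed layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status."""
    parts = line.split()
    if line.startswith("#") or len(parts) != 7 or not parts[6].isdigit():
        return None  # header, blank or malformed line
    date, time, client, method, stem, query, status = parts
    return {"ts": f"{date} {time}", "client": client, "stem": stem,
            "query": "" if query == "-" else query, "status": int(status)}

def scan(lines):
    """Flag traversal patterns sent to install endpoints; 'served' marks a 200 reply."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        stem = decode_fully(entry["stem"]).lower()
        target = stem + "?" + decode_fully(entry["query"])
        if "install" in stem and TRAVERSAL.search(target):
            hits.append({"ts": entry["ts"], "client": entry["client"],
                         "served": entry["status"] == 200})
    return hits

# Constructed sample log; the path and parameter name are hypothetical placeholders.
SAMPLE_LOG = r"""#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2021-01-05 10:00:01 192.0.2.5 GET /example/login.asp - 200
2021-01-05 10:00:09 192.0.2.5 GET /example/install/page.asp name=setup.exe 200
2021-01-05 10:02:13 192.0.2.9 GET /example/install/page.asp name=..\..\example.txt 200
2021-01-05 10:02:20 192.0.2.9 GET /example/install/page.asp name=%252e%252e%255cexample.txt 404
2021-01-05 10:03:00 192.0.2.7 GET /example/view.asp id=3 200
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

Hits with `served` set to true deserve priority, since the server answered the request with a 200 rather than rejecting it.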
