PatchSiren cyber security CVE debrief

CVE-2017-5152 Advantech CVE debrief

CVE-2017-5152 is a critical authentication bypass affecting Advantech WebAccess 8.1. According to the NVD record, a malicious user can access pages without authentication by requesting a specific URL on the web server. Because the issue is network-exploitable and requires no user interaction or privileges, exposed WebAccess deployments should be treated as high priority for review and mitigation.

Vendor: Advantech
Product: CVE-2017-5152
CVSS: CRITICAL 9.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-13
Original CVE updated: 2026-05-13
Advisory published: 2017-02-13
Advisory updated: 2026-05-13

Who should care

OT/ICS operators, control-system administrators, plant engineers, and security teams responsible for Advantech WebAccess 8.1 deployments—especially systems reachable from untrusted networks or remote-access paths.

Technical summary

The NVD entry maps this issue to CWE-287 (Improper Authentication) and assigns a CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, reflecting unauthenticated network access with potential confidentiality and integrity impact. The described flaw allows access to pages unrestricted through a specific URL on the WebAccess web server. The vulnerable CPE in the NVD record is advantech:webaccess:8.1.

Defensive priority

Critical. The combination of unauthenticated network reachability, low complexity, and high confidentiality/integrity impact makes this a top-priority remediation item for any exposed WebAccess 8.1 installation.

Recommended defensive actions

Identify whether Advantech WebAccess 8.1 is deployed anywhere in the environment, including lab, staging, and remote-access systems.
Restrict network access to the WebAccess web server immediately, especially from the internet and other untrusted networks.
Review the linked ICS-CERT and vendor-adjacent references for mitigation guidance and apply any available vendor remediation or upgrade path validated for your deployment.
Monitor web-server and application logs for requests to unusual or specific URLs associated with unauthorized page access.
Validate administrative access controls after mitigation and confirm that unauthenticated requests are no longer accepted.
If the product is no longer required, plan retirement or replacement to remove the exposed attack surface.

Evidence notes

The summary is based on the NVD CVE record, which states that accessing a specific URL on the web server allows unrestricted page access. The NVD record also provides the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N and CWE-287. Reference links in the corpus include an ICS-CERT advisory and a Tenable research note, both cited by the NVD metadata. No KEV listing or ransomware association is present in the supplied corpus.

Official resources

CVE-2017-5152 CVE record
CVE.org
CVE-2017-5152 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Mitigation, Third Party Advisory, US Government Resource
Source reference
[email protected]

CVE published by NVD/CVE on 2017-02-13 and modified on 2026-05-13, per the supplied timeline fields.