PatchSiren cyber security CVE debrief
CVE-2017-5154 Advantech CVE debrief
CVE-2017-5154 is a critical SQL injection vulnerability affecting Advantech WebAccess 8.1. According to the NVD record, an attacker who can supply malformed input to the application may be able to achieve administrative access to the application and its data files. Because the flaw is network-exploitable, requires no privileges or user interaction, and is rated CVSS 9.8, it should be treated as an urgent remediation item.
- Vendor
- Advantech
- Product
- CVE-2017-5154
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-13
- Advisory updated
- 2026-05-13
Who should care
Organizations running Advantech WebAccess 8.1, especially OT/ICS environments, administrators responsible for HMI/SCADA management, and security teams monitoring externally reachable industrial web applications.
Technical summary
The NVD entry maps this issue to CWE-89 (SQL Injection) and lists the affected CPE as advantech:webaccess:8.1. The CVSS v3.0 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a remotely reachable flaw with no authentication or user interaction required and high impact to confidentiality, integrity, and availability. The published description states that malformed input can trigger the vulnerability and that successful exploitation may result in administrative access to the application and its data files.
Defensive priority
Immediate
Recommended defensive actions
- Verify whether Advantech WebAccess 8.1 is deployed anywhere in the environment, including exposed OT/ICS segments and legacy systems.
- Apply vendor or advisory-guided remediation as soon as possible; use the official NVD and ICS-CERT references to confirm the current fix or mitigation path.
- Restrict network exposure to the WebAccess service until patched, especially from untrusted or enterprise-wide network segments.
- Review authentication, administrative accounts, and application data-file access for signs of unauthorized activity.
- Monitor logs and web-facing telemetry for suspicious malformed requests consistent with SQL injection attempts.
- If patching is delayed, isolate the affected instance and place compensating controls around access to the management interface and data files.
Evidence notes
The debrief is based on the supplied CVE record and NVD metadata. Key evidence includes the CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, the CWE-89 classification, and the vulnerable CPE entry for Advantech WebAccess 8.1. The supplied references also point to an ICS-CERT advisory and a Tenable research note. The CVE was originally published on 2017-02-13; the later 2026-05-13 modified timestamp reflects record maintenance, not the original disclosure date.
Official resources
-
CVE-2017-5154 CVE record
CVE.org
-
CVE-2017-5154 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Mitigation, Third Party Advisory, US Government Resource
- Source reference
Publicly disclosed on 2017-02-13 in the CVE/NVD record; the NVD entry was later modified on 2026-05-13.