This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The remote host has a version of Advantech WebAccess prior to version
7.2-2014.06.06. It is, therefore, affected by multiple
- Multiple stack overflows can be triggered with overly
long strings to the 'ProjectName', 'SetParameter',
'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage',
'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud',
and 'IPAddress' parameters of the webvact.ocx, dvs.ocx,
and webdact.ocx ActiveX files. (CVE-2014-2364)
- An unspecified flaw exists in WebAccess that allows an
attacker to create or delete arbitrary files.
- The pAdminPg.asp component includes the password of the
specified account in the underlying HTML.
- The ChkCookie subroutine in the
broadweb\include\gChkCook.asp ActiveX control can be
abused to bypass authentication. (CVE-2014-2367)
- The 'BrowseFolder' method of the bwocxrun ActiveX
control allows navigation from the Internet to a local
See also :
Upgrade to Advantech WebAccess version 7.2-2014.06.06 or higher.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true
Nessus Plugin ID: 73643
Bugtraq ID: 68714, 68715, 68716, 68717, 68718
CVE ID: CVE-2014-2364, CVE-2014-2365, CVE-2014-2366, CVE-2014-2367, CVE-2014-2368