Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host has a version of Advantech WebAccess prior to version
7.2-2014.06.06. It is, therefore, affected by multiple
vulnerabilities :

- Multiple stack overflows can be triggered by passing
overly long strings to the 'ProjectName', 'SetParameter',
'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage',
'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud',
and 'IPAddress' parameters of the webvact.ocx, dvs.ocx,
and webdact.ocx ActiveX files. (CVE-2014-2364)

- An unspecified flaw exists in WebAccess that allows an
attacker to create or delete arbitrary files.
(CVE-2014-2365)

- The pAdminPg.asp component includes the password of the
specified account in the underlying HTML.
(CVE-2014-2366)

- The ChkCookie subroutine in the
broadweb\include\gChkCook.asp ActiveX control can be
abused to bypass authentication. (CVE-2014-2367)

- The 'BrowseFolder' method of the bwocxrun ActiveX
control allows navigation from the Internet to a local
file. (CVE-2014-2368)

See also :

http://www.nessus.org/u?32c8d148
https://ics-cert.us-cert.gov/advisories/ICSA-14-198-02

Solution :

Upgrade to Advantech WebAccess version 7.2-2014.06.06 or higher.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 73643

Bugtraq ID: 68714, 68715, 68716, 68717, 68718

CVE ID: CVE-2014-2364, CVE-2014-2365, CVE-2014-2366, CVE-2014-2367, CVE-2014-2368