Advantech WebAccess Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host has a version of Advantech WebAccess prior to version
7.2. It is, therefore, affected by multiple vulnerabilities :

- Multiple SQL Injection vulnerabilities exist in
'DBVisitor.dll' that can be exploited via specially
crafted SOAP requests. (CVE-2014-0763)

- Multiple stack-based buffer overflow vulnerabilities
exist in an ActiveX control. (CVE-2014-0764,
CVE-2014-0765, CVE-2014-0766, CVE-2014-0767,
CVE-2014-0768)

- The 'NodeName' parameter on the web interface is
affected by a buffer overflow vulnerability.
(CVE-2014-0770)

- A flawed ActiveX control allows attackers to read
arbitrary files. (CVE-2014-0771, CVE-2014-0772)

- A flawed ActiveX control allows certain executable
names to be run from arbitrary path names.
(CVE-2014-0773)

- Multiple stack overflows can be triggered with overly
long strings to the 'ProjectName', 'SetParameter',
'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage',
'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud',
and 'IPAddress' parameters of the webvact.ocx, dvs.ocx,
and webdact.ocx ActiveX files. (CVE-2014-2364)

- An unspecified flaw in WebAccess allows an attacker to
create or delete arbitrary files. (CVE-2014-2365)

- The ChkCookie subroutine in the
broadweb\include\gChkCook.asp ActiveX control can be
abused to bypass authentication. (CVE-2014-2367)

- The pAdminPg.asp component includes the password of the
specified account in the underlying HTML.
(CVE-2014-2366)

- The 'BrowseFolder' method of the bwocxrun ActiveX
control allows navigation from the Internet to a local
file. (CVE-2014-2368)

Solution :

Upgrade to Advantech WebAccess version 7.2 or higher.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true