Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host has a version of Advantech WebAccess prior to version
7.2-2014.06.06. It is, therefore, affected by multiple
vulnerabilities :

- Multiple stack overflows can be triggered with overly
long strings to the 'ProjectName', 'SetParameter',
'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage',
'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud',
and 'IPAddress' parameters of the webvact.ocx, dvs.ocx,
and webdact.ocx ActiveX files. (CVE-2014-2364)

- An unspecified flaw exists in WebAccess that allows an
attacker to create or delete arbitrary files.

- The pAdminPg.asp component includes the password of the
specified account in the underlying HTML.

- The ChkCookie subroutine in the
broadweb\include\gChkCook.asp ActiveX control can be
abused to bypass authentication. (CVE-2014-2367)

- The 'BrowseFolder' method of the bwocxrun ActiveX
control allows navigation from the Internet to a local
file. (CVE-2014-2368)

See also :

Solution :

Upgrade to Advantech WebAccess version 7.2-2014.06.06 or higher.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 73643 ()

Bugtraq ID: 68714

CVE ID: CVE-2014-2364