Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Advantech WebAccess 8.x < 8.0-2015.08.16 RCE

Medium

Synopsis

The detected version of Advantech WebAccess may be affected by a remote code execution (RCE) attack vector.

Description

The installed version of Advantech WebAccess is 8.x prior to 8.0-2015.08.16 and is affected by an overflow condition. The issue is triggered as user-supplied input is not properly validated when handling an unspecified DLL string in a file. With a specially crafted file, a context-dependent attacker can cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.

Solution

Upgrade to Advantech WebAccess version 8.0-2015.08.16 or later.