Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Advantech WebAccess 8.x < 8.1 Multiple Vulnerabilities

Critical

Synopsis

The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description

The installed version of Advantech WebAccess is 8.x prior to 8.1 and is affected by the following vulnerabilities :

- Multiple overflow conditions exist in 'BwpAlarm.dll' that are triggered as user-supplied input is not properly validated when handling various IOCTL system calls. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134101, OSVDB 134107, OSVDB 134108, OSVDB 134109, OSVDB 134110, OSVDB 134111, OSVDB 134113, OSVDB 134114, OSVDB 134115, OSVDB 134116, OSVDB 134118, OSVDB 134119, OSVDB 134120, OSVDB 134121, OSVDB 134122, OSVDB 134123, OSVDB 134133, OSVDB 134134) - An overflow condition exists in 'WaDBS.dll' that is triggered as user-supplied input is not properly validated when handling IOCTL 0x13C7C and the 'TagName' parameter. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134102) - An overflow condition exists in 'BwBASScdDl.dll' that is triggered as user-supplied input is not properly validated when handling IOCTL 0x138B4 and the 'TargetHost' parameter. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134103) - An overflow condition exists in 'BwOpcSvc.dll' that is triggered as user-supplied input is not properly validated when handling IOCTL 0x13895 and the 'WindowName' parameter. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134104, OSVDB 134105, OSVDB 134106, OSVDB 134112) - Multiple overflow conditions exist in 'BwKrlApi.dll' that are triggered as user-supplied input is not properly validated when handling various IOCTL system calls. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134117, OSVDB 134124, OSVDB 134129, OSVDB 134144) - Multiple overflow conditions exist in 'ViewSrv.dll' that are triggered as user-supplied input is not properly validated when handling various IOCTL system calls. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134125, OSVDB 134126, OSVDB 134127, OSVDB 134128, OSVDB 134130, OSVDB 134131, OSVDB 134132) - Multiple overflow conditions exist in 'DrawSrv.dll' that are triggered as user-supplied input is not properly validated when handling various IOCTL system calls. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134137, OSVDB 134138, OSVDB 134141, OSVDB 134142, OSVDB 134143) - An overflow condition exists in 'ViewDll.dll' that is triggered as user-supplied input is not properly validated when handling IOCTL 0x280B. With a specially crafted request to the webvrpcs service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134139, OSVDB 134140) - Multiple overflow conditions exist in 'datacore.exe' that are triggered as user-supplied input is not properly validated when handling various IOCTL system calls. With a specially crafted request to the datacore service, a remote attacker can cause a stack-based buffer overflow, resulting in a crash or potentially allowing the execution of arbitrary code. (OSVDB 134135, OSVDB 134136,OSVDB 134145, OSVDB 134146, OSVDB 134147, OSVDB 134148, OSVDB 134149, OSVDB 134150, OSVDB 134151, OSVDB 134152, OSVDB 134153, OSVDB 134154, OSVDB 134155, OSVDB 134156) - A flaw exists that is triggered as file types and extensions for uploaded files are not properly validated by the Dashboard Viewer 'UploadAjaxAction' script before being placed in a user-accessible path. This may allow a remote attacker to upload e.g. an arbitrary file and then request it in order to execute arbitrary code with SYSTEM privileges. (OSVDB 134157) - A flaw exists that is triggered as file types and extensions for uploaded files are not properly validated by the Dashboard Viewer 'SaveGeneralFile' script before being placed in a user-accessible path. This may allow a remote attacker to upload e.g. an arbitrary file and then request it in order to execute arbitrary code with SYSTEM privileges. (OSVDB 134158) - A flaw exists in Dashboard Viewer that allows traversing outside of a restricted path. The issue is due to the 'removeFolder' script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../'). With a specially crafted request, a remote attacker can delete, rename, overwrite, and read arbitrary directories on the system. (OSVDB 134159, OSVDB 134160, OSVDB 134161, OSVDB 134162)

Solution

Upgrade to Advantech WebAccess version 8.1 or later.