95410

https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01

https://www.tenable.com/security/research/tra-2017-04

The installed version of Advantech WebAccess is prior to 8.2_20161101 and is affected by the following vulnerabilities :

 - An unspecified flaw exists in the authentication mechanism.  This may allow a remote attacker to bypass authentication and access restricted pages. (CVE-2017-5152)
 - A flaw exists that may allow carrying out an SQL injection attack.  The issue is due to the 'updateTemplate.aspx' script not properly sanitizing input to unspecified parameters.  This may allow an authenticated, remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2017-5154)
 - A flaw exists that is triggered when loading certain dynamic-link libraries. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path, a local attacker can inject and execute arbitrary code with the privilege of the user running the program. (CVE-2017-5175)

The Advantech WebAccess web server running on the remote host is affected by an authentication bypass vulnerability in the WaExlViewer component due to a failure to properly manage authentication. An unauthenticated, remote attacker can exploit this, via a POST request with specially crafted parameters, to bypass intended restrictions, allowing the attacker to access restricted pages, upload template files, and delete existing templates.

ID	Name	Product	Family	Severity
9961	Advantech WebAccess < 8.2_20161101 Multiple Vulnerabilities	Nessus Network Monitor	SCADA	critical
96875	Advantech WebAccess Authentication Bypass	Nessus	SCADA	high

CVE-2017-5152

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins