95410

https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01

https://www.tenable.com/security/research/tra-2017-04

The installed version of Advantech WebAccess is prior to 8.2_20161101 and is affected by the following vulnerabilities :

 - An unspecified flaw exists in the authentication mechanism.  This may allow a remote attacker to bypass authentication and access restricted pages. (CVE-2017-5152)
 - A flaw exists that may allow carrying out an SQL injection attack.  The issue is due to the 'updateTemplate.aspx' script not properly sanitizing input to unspecified parameters.  This may allow an authenticated, remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. (CVE-2017-5154)
 - A flaw exists that is triggered when loading certain dynamic-link libraries. The program uses an insecure path to look for specific files or libraries that includes the current working directory, which may not be trusted or under user control. By placing a specially crafted library in the path, a local attacker can inject and execute arbitrary code with the privilege of the user running the program. (CVE-2017-5175)

The Advantech WebAccess web server running on the remote host is affected by a SQL injection (SQLi) vulnerability in the WaExlViewer web application due to a failure to properly sanitize user-supplied input to the updateTemplate.aspx page. An authenticated, remote attacker can exploit this, via a series of crafted HTTP requests, to disclose passwords of administrative accounts used by Advantech WebAccess. Note that an attacker can also exploit this vulnerability without authentication by leveraging an existing authentication bypass vulnerability (CVE-2017-5152).

Nessus has exploited the authentication bypass vulnerability (CVE-2017-5152) in order to exploit the SQLi vulnerability (CVE-2017-5154).

ID	Name	Product	Family	Severity
9961	Advantech WebAccess < 8.2_20161101 Multiple Vulnerabilities	Nessus Network Monitor	SCADA	critical
96876	Advantech WebAccess SQLi	Nessus	SCADA	high

CVE-2017-5154

HIGH

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

high