Advantech WebAccess < 8.2_20170817 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host has a web application running that is affected by
multiple vulnerabilities.

Description :

The Advantech WebAccess application running on the remote host is
prior to version 8.2.2017.08.17. It is, therefore, affected by
multiple vulnerabilities including SQL Injection, Out-of-Bounds
Access, Multiple Buffer Overflows, Externally Controlled Format
String, Improper Authentication, Incorrect Permission Assignment for
Critical Resource, Incorrect Privilege Assignment, and Uncontrolled
Search Path Element.

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02

Solution :

Upgrade to Advantech WebAccess version V8.2_20170817 or later.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now