Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host has a version of Advantech WebAccess prior to version
7.2-2013.11.14. It is, therefore, affected by multiple
vulnerabilities :

- Multiple SQL Injection vulnerabilities exist in
'DBVisitor.dll' that can be exploited via specially
crafted SOAP requests. (CVE-2014-0763)

- Multiple stack-based buffer overflow conditions exist in
an ActiveX control. (CVE-2014-0764, CVE-2014-0765,
CVE-2014-0766, CVE-2014-0767, CVE-2014-0768)

- The 'NodeName' parameter on the web interface is
affected by a buffer overflow vulnerability.
(CVE-2014-0770)

- A flawed ActiveX control allows attackers to read
arbitrary files. (CVE-2014-0771, CVE-2014-0772)

- A flawed ActiveX control allows certain executable
names to be run from arbitrary path names.
(CVE-2014-0773)

Solution :

Upgrade to Advantech WebAccess version 7.2-2013.11.14 or higher.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
