Advantech WebAccess 7.2 < 7.2-2014.07.30 Multiple ActiveX RCE

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by multiple vulnerabilities.

Description :

The remote host is running a version of Advantech WebAccess 7.2
prior to version 7.2-2014.07.30 It is, therefore, affected by
multiple vulnerabilities :

- An overflow condition exists in the webvact.ocx ActiveX
control due to improper validation of user-supplied
input when handling the 'NodeName' parameter. A remote,
unauthenticated attacker can exploit this to cause a
stack-based buffer overflow, potentially allowing the
execution of arbitrary code. (CVE-2014-0985)

- An overflow condition exists in the webvact.ocx ActiveX
control due to improper validation of user-supplied
input when handling the 'GotoCmd' parameter. A remote,
unauthenticated attacker can exploit this to cause a
stack-based buffer overflow, potentially allowing the
execution of arbitrary code. (CVE-2014-0986)

- An overflow condition exists in the webvact.ocx ActiveX
control due to improper validation of user-supplied
input when handling the 'NodeName2' parameter. A remote,
unauthenticated attacker can exploit this to cause a
stack-based buffer overflow, potentially allowing the
execution of arbitrary code. (CVE-2014-0987)

- An overflow condition exists in the webvact.ocx ActiveX
control due to improper validation of user-supplied
input when handling the 'AccessCode' parameter. A
remote, unauthenticated attacker can exploit this to
cause a stack-based buffer overflow, potentially
allowing the execution of arbitrary code.
(CVE-2014-0988)

- An overflow condition exists in the webvact.ocx ActiveX
control due to improper validation of user-supplied
input when handling the 'AccessCode2' parameter. A
remote, unauthenticated attacker can exploit this to
cause a stack-based buffer overflow, potentially
allowing the execution of arbitrary code.
(CVE-2014-0989)

- An overflow condition exists in the webvact.ocx ActiveX
control due to improper validation of user-supplied
input when handling the 'UserName' parameter. A remote,
unauthenticated attacker can exploit this to cause a
stack-based buffer overflow, potentially allowing the
execution of arbitrary code. (CVE-2014-0990)

- An overflow condition exists in an unspecified ActiveX
control due to improper validation of user-supplied
input when handling the 'projectname' parameter. A
remote, unauthenticated attacker can exploit this to
cause a stack-based buffer overflow, potentially
allowing the execution of arbitrary code.
(CVE-2014-0991)

- An overflow condition exists in an unspecified ActiveX
control due to improper validation of user-supplied
input when handling the 'password' parameter. A remote,
unauthenticated attacker can exploit this to cause a
stack-based buffer overflow, potentially allowing the
execution of arbitrary code. (CVE-2014-0992)

See also :

http://www.nessus.org/u?32c8d148
https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01

Solution :

Upgrade Advantech WebAccess to version 7.2-2014.07.30 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now