Advantech WebAccess < 8.1-2015.12.30 Multiple Vulnerabilities

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

A web application running on the remote host is affected by
multiple vulnerabilities.

Description :

The Advantech WebAccess application running on the remote host is
prior to version 8.1-2015.12.30. It is, therefore, affected by
multiple vulnerabilities :

- An information disclosure vulnerability exists due to
the storage of email project accounts in plaintext. A
remote attacker can exploit this to disclose sensitive
information about email project accounts.
(CVE-2015-3943)

- A cross-site request forgery vulnerability exists due to
a failure to require multiple steps, explicit
confirmation, or a unique token when performing
sensitive actions. A remote attacker can exploit this,
by convincing a user to follow a specially crafted link,
to hijack the authentication of users. (CVE-2015-3946)

- A SQL injection vulnerability exists due to improper
sanitization of user-supplied input before using it in
SQL queries. A remote, authenticated attacker can
exploit this to inject or manipulate SQL queries to the
back-end database, resulting in the manipulation or
disclosure of arbitrary data. (CVE-2015-3947)

- A cross-site scripting vulnerability exists due to
improper validation of input before returning it to
users. A remote, authenticated attacker can exploit
this, via a specially crafted request, to execute
arbitrary script code in a user's browser session.
(CVE-2015-3948)

- A remote code execution vulnerability exists in the
browser plugin due to improper sanitization of input to
file names and paths. A remote attacker can exploit this
to execute arbitrary code. (CVE-2015-6467)

- A remote code execution vulnerability exists due to a
format string flaw in BwOpcSvc.dll that is triggered as
format string specifiers (e.g. %s and %x) are not
properly provided when handling IOCTL 0x13881. A remote
attacker can exploit this, via a specially crafted
request to the webvrpcs service, to execute arbitrary
code. (CVE-2016-0851)

- An unspecified flaw exists due to improper access
control. A remote attacker can exploit this to gain
access to arbitrary files and folders. (CVE-2016-0852)

- An information disclosure vulnerability exists due to an
unspecified input validation flaw. A remote attacker can
exploit this to disclose sensitive information.
(CVE-2016-0853)

- Multiple remote code execution vulnerabilities exist due
to improper validation of file types and extensions by
the UploadAjaxAction, SaveGeneralFile, and FileUpload
scripts. A remote attacker can exploit these issues to
upload arbitrary files and execute them with SYSTEM
privileges. (CVE-2016-0854)

- Multiple path traversal and file overwrite
vulnerabilities exist in the Dashboard Viewer due to
improper sanitization of user-supplied input in the
renameFolder, addFolder, removeFolder, removeFile, and
openWidget scripts. A remote attacker can exploit these
issues, via a specially crafted request, to rename or
overwrite arbitrary files and folders. (CVE-2016-0855)

- Multiple remote code execution vulnerabilities exist due
to improper validation of user-supplied input when
handling IOCTL calls. A remote attacker can exploit
these issues, via a specially crafted request to the
webvrpcs or datacore service, to cause a stack-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2016-0856)

- Multiple remote code execution vulnerabilities exist due
to improper validation of user-supplied input when
handling IOCTL calls. A remote attacker can exploit
these issues, via a specially crafted request to the
webvrpcs or datacore service, to cause a heap-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2016-0857)

- A remote code execution vulnerability exists due to
improper validation of user-supplied input when handling
IOCTL 0x7920. A remote attacker can exploit this, via a
specially crafted request to the datacore service, to
cause a stack-based buffer overflow, resulting in a
denial of service condition or the execution of
arbitrary code. (CVE-2016-0858)

- A remote code execution vulnerability exists due to
improper validation of user-supplied input when handling
IOCTL 0x791E. A remote attacker can exploit this, via a
specially crafted request to the datacore service, to
cause an integer overflow condition, resulting in a
denial of service condition or the execution of
arbitrary code. (CVE-2016-0859)

- Multiple remote code execution vulnerabilities exist due
to improper validation of user-supplied input when
handling IOCTL 0x11172 and 0x11173. A remote attacker
can exploit these issues, via a specially crafted
request to the webvrpcs service, to cause a buffer
overflow, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2016-0860)

See also :

https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

Solution :

Upgrade to Advantech WebAccess version 8.1-2015.12.30 or later.
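
The version comparison behind this finding can be reproduced for asset-inventory triage. The sketch below is an added example, not Tenable's plugin code; it assumes installed versions are reported in the same "major.minor-YYYY.MM.DD" layout as the fixed release named above, and the hostnames and sample versions are constructed.

```python
import re
from datetime import date

FIXED = "8.1-2015.12.30"  # fixed release named in the advisory

# Assumed layout: <major>.<minor>[-<YYYY>.<MM>.<DD>]
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:-(\d{4})\.(\d{1,2})\.(\d{1,2}))?\s*$")


def parse_version(text):
    """Return ((major, minor), build_date or None); raise ValueError if unparsable."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = (int(m.group(1)), int(m.group(2)))
    build = None
    if m.group(3):
        # date() rejects impossible dates such as 2015.13.40 with ValueError
        build = date(int(m.group(3)), int(m.group(4)), int(m.group(5)))
    return release, build


def is_vulnerable(reported, fixed=FIXED):
    """True = older than the fix, False = fixed, None = cannot decide."""
    try:
        release, build = parse_version(reported)
    except ValueError:
        return None
    fixed_release, fixed_build = parse_version(fixed)
    if release != fixed_release:
        return release < fixed_release
    if build is None:
        return None  # same release line but no build date: check manually
    return build < fixed_build


def triage(inventory):
    """Group hosts into 'upgrade', 'ok' and 'manual' buckets."""
    buckets = {"upgrade": [], "ok": [], "manual": []}
    labels = {True: "upgrade", False: "ok", None: "manual"}
    for host, version in sorted(inventory.items()):
        buckets[labels[is_vulnerable(version)]].append(host)
    return buckets


# Constructed inventory; hostnames and all versions except FIXED are made up.
SAMPLE = {"hmi-01": "8.0-2015.08.16", "hmi-02": "8.1-2015.12.30",
          "hmi-03": "8.1", "hmi-04": "8.1-2015.11.02", "hmi-05": "not detected"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts that land in the "manual" bucket report the 8.1 release without a build date, or no parsable version at all, so they cannot be cleared by string comparison alone.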

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
