Advantech WebAccess SQLi

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host is running a web application that is affected by a SQL
injection vulnerability.

Description :

The Advantech WebAccess web server running on the remote host is
affected by a SQL injection (SQLi) vulnerability in the WaExlViewer
web application due to a failure to properly sanitize user-supplied
input to the updateTemplate.aspx page. An authenticated, remote
attacker can exploit this, via a series of crafted HTTP requests, to
disclose passwords of administrative accounts used by Advantech
WebAccess. Note that an attacker can also exploit this vulnerability
without authentication by leveraging an existing authentication bypass
vulnerability (CVE-2017-5152).

Nessus has exploited the authentication bypass vulnerability
(CVE-2017-5152) in order to exploit the SQLi vulnerability
(CVE-2017-5154).

See also :

https://www.tenable.com/security/research/tra-2017-04
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01
http://www.zerodayinitiative.com/advisories/ZDI-17-043/

Solution :

Upgrade to Advantech WebAccess version 8.2-2016.11.21 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SCADA

Nessus Plugin ID: 96876

Bugtraq ID: 95410

CVE ID: CVE-2017-5154
