Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities

High Nessus Plugin ID 73643

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote host has a version of Advantech WebAccess prior to version 7.2-2014.06.06. It is, therefore, affected by multiple vulnerabilities:

- Multiple stack-based buffer overflows can be triggered by passing overly long strings to the 'ProjectName', 'SetParameter', 'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage', 'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud', and 'IPAddress' parameters of the webvact.ocx, dvs.ocx, and webdact.ocx ActiveX files. (CVE-2014-2364)

- An unspecified flaw exists in WebAccess that allows an attacker to create or delete arbitrary files. (CVE-2014-2365)

- The pAdminPg.asp component includes the password of the specified account in the underlying HTML. (CVE-2014-2366)

- The ChkCookie subroutine in the broadweb\include\gChkCook.asp ActiveX control can be abused to bypass authentication. (CVE-2014-2367)

- The 'BrowseFolder' method of the bwocxrun ActiveX control allows navigation from the Internet to a local file. (CVE-2014-2368)

Solution

Upgrade to Advantech WebAccess version 7.2-2014.06.06 or higher.

See Also

http://www.nessus.org/u?32c8d148

https://ics-cert.us-cert.gov/advisories/ICSA-14-198-02

Plugin Details

Severity: High

ID: 73643

File Name: scada_advantech_webaccess_7_2.nbin

Version: $Revision: 1.43 $

Type: remote

Family: SCADA

Published: 2014/04/14

Modified: 2018/04/18

Dependencies: 73645

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/03/03

Vulnerability Publication Date: 2014/04/08

Exploitable With

Core Impact

Metasploit (Advantech WebAccess dvs.ocx GetColor Buffer Overflow)

Reference Information

CVE: CVE-2014-2364, CVE-2014-2365, CVE-2014-2366, CVE-2014-2367, CVE-2014-2368

BID: 68714, 68715, 68716, 68717, 68718

OSVDB: 109315, 109316, 109317, 109318, 109319, 109320, 109321, 109322, 109323, 109324, 109325, 109326, 109327, 109328, 109329, 109331

ICSA: 14-198-02