Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities

high Nessus Plugin ID 73643

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote host has a version of Advantech WebAccess prior to version 7.2-2014.06.06. It is, therefore, affected by multiple vulnerabilities:

- Multiple stack overflows can be triggered by passing overly long strings to the 'ProjectName', 'SetParameter', 'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage', 'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud', and 'IPAddress' parameters of the webvact.ocx, dvs.ocx, and webdact.ocx ActiveX files. (CVE-2014-2364)

- An unspecified flaw exists in WebAccess that allows an attacker to create or delete arbitrary files. (CVE-2014-2365)

- The pAdminPg.asp component includes the password of the specified account in the underlying HTML. (CVE-2014-2366)

- The ChkCookie subroutine in the broadweb\include\gChkCook.asp ActiveX control can be abused to bypass authentication. (CVE-2014-2367)

- The 'BrowseFolder' method of the bwocxrun ActiveX control allows navigation from the Internet to a local file. (CVE-2014-2368)

Solution

Upgrade to Advantech WebAccess version 7.2-2014.06.06 or higher.

See Also

http://www.nessus.org/u?32c8d148

https://ics-cert.us-cert.gov/advisories/ICSA-14-198-02

Plugin Details

Severity: High

ID: 73643

File Name: scada_advantech_webaccess_7_2.nbin

Version: 1.134

Type: remote

Family: SCADA

Published: 4/14/2014

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/3/2014

Vulnerability Publication Date: 4/8/2014

Exploitable With

Core Impact

Metasploit (Advantech WebAccess dvs.ocx GetColor Buffer Overflow)

Reference Information

CVE: CVE-2014-2364, CVE-2014-2365, CVE-2014-2366, CVE-2014-2367, CVE-2014-2368

BID: 68714, 68715, 68716, 68717, 68718

ICSA: 14-198-02