Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities
Severity: High, Nessus Plugin ID 85411
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote host has a version of Advantech WebAccess prior to version 7.2-2013.11.14. It is, therefore, affected by multiple vulnerabilities:
- Multiple SQL injection vulnerabilities exist in 'DBVisitor.dll' that can be exploited via specially crafted SOAP requests. (CVE-2014-0763)
- Multiple stack-based buffer overflow conditions exist in an ActiveX control. (CVE-2014-0764, CVE-2014-0765, CVE-2014-0766, CVE-2014-0767, CVE-2014-0768)
- The 'NodeName' parameter on the web interface is affected by a buffer overflow vulnerability.
- A flawed ActiveX control allows attackers to read arbitrary files. (CVE-2014-0771, CVE-2014-0772)
- A flawed ActiveX control allows certain executable names to be run from arbitrary path names.
Solution
Upgrade to Advantech WebAccess version 7.2-2013.11.14 or higher.