Advantech WebAccess < 7.0-2011.08.27 Multiple ActiveX RCE

Medium Nessus Plugin ID 85543


The remote host has multiple ActiveX controls installed that are affected by remote code execution vulnerabilities.


The version of Advantech WebAccess running on the remote host is prior to 7.0-2011.08.27. Therefore, it includes the ActiveX controls webdobj.dll and bwscript.dll. These ActiveX controls contain buffer overflow conditions due to improper validation of user-supplied input.
A remote attacker, using a specially crafted web page, can exploit these to cause a buffer overflow, potentially resulting in the execution of arbitrary code.


Upgrade to Advantech WebAccess version 7.0-2011.08.27 or later.

Plugin Details

Severity: Medium

ID: 85543

File Name: scada_advantech_webaccess_7_0_2011_08_27.nbin

Version: $Revision: 1.24 $

Type: remote

Family: SCADA

Published: 2015/08/19

Modified: 2018/01/29

Dependencies: 73645

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 2011/08/27

Vulnerability Publication Date: 2011/08/27

Reference Information

OSVDB: 124951, 124952