Advantech WebAccess 7.2 < 7.2-2014.07.30 Multiple ActiveX RCE

Medium Nessus Plugin ID 85600

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote host is running a version of Advantech WebAccess 7.2 prior to version 7.2-2014.07.30 It is, therefore, affected by multiple vulnerabilities :

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'NodeName' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0985)
- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'GotoCmd' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0986)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'NodeName2' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0987)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'AccessCode' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
(CVE-2014-0988)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'AccessCode2' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
(CVE-2014-0989)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'UserName' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0990)

- An overflow condition exists in an unspecified ActiveX control due to improper validation of user-supplied input when handling the 'projectname' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
(CVE-2014-0991)

- An overflow condition exists in an unspecified ActiveX control due to improper validation of user-supplied input when handling the 'password' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0992)

Solution

Upgrade Advantech WebAccess to version 7.2-2014.07.30 or later.

See Also

http://www.nessus.org/u?32c8d148

https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01

Plugin Details

Severity: Medium

ID: 85600

File Name: scada_advantech_webaccess_7_2_2014_07_30.nbin

Version: $Revision: 1.34 $

Type: remote

Family: SCADA

Published: 2015/08/24

Modified: 2018/07/19

Dependencies: 73645

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 2014/07/30

Vulnerability Publication Date: 2014/09/02

Reference Information

CVE: CVE-2014-0985, CVE-2014-0986, CVE-2014-0987, CVE-2014-0988, CVE-2014-0989, CVE-2014-0990, CVE-2014-0991, CVE-2014-0992

BID: 69529, 69531, 69532, 69533, 69534, 69535, 69536, 69538

ICSA: 14-261-01