Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities

High Nessus Plugin ID 85692


The remote host is affected by multiple vulnerabilities.


The version of Advantech WebAccess running on the remote host is prior to version 7.0-2011.12.20. It is, therefore, affected by multiple vulnerabilities:

- A cross-site scripting vulnerability exists due to improper validation of unspecified input. A remote attacker, using a specially crafted request, can exploit this to execute arbitrary script code in the browser in the context of the user's session. (VulnDB 124949)

- A SQL injection vulnerability exists due to unspecified input not being properly sanitized before processing SQL queries. A remote attacker can exploit this to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data. (VulnDB 124950)


Upgrade to Advantech WebAccess version 7.0-2011.12.20 or higher.

Plugin Details

Severity: High

ID: 85692

File Name: scada_advantech_webaccess_7_0_2011_12_20.nbin

Version: $Revision: 1.24 $

Type: remote

Family: SCADA

Published: 2015/08/28

Modified: 2018/01/29

Dependencies: 73645

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 2011/12/20

Vulnerability Publication Date: 2011/12/20

Reference Information

OSVDB: 124949, 124950