Detections
Analytics

Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities

high Nessus Plugin ID 85692

Language:

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Advantech WebAccess running on the remote host is prior to version 7.0-2011.12.20. It is, therefore, affected multiple vulnerabilities :

 - A cross-site scripting vulnerability exist due to improper validation of unspecified input. A remote attacker, using a specially crafted request, can exploit this to execute arbitrary script code in the browser in the context of the user's session.

 - A SQL injection vulnerability exists due to unspecified input not being properly sanitized before processing SQL queries. A remote attacker can exploit this to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data.

Solution

Upgrade to Advantech WebAccess version 7.0-2011.12.20 or higher.

See Also

http://www.nessus.org/u?32c8d148

Plugin Details

Severity: High

ID: 85692

File Name: scada_advantech_webaccess_7_0_2011_12_20.nbin

Version: 1.111

Type: remote

Family: SCADA

Published: 8/28/2015

Updated: 7/17/2023

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 12/20/2011

Vulnerability Publication Date: 12/20/2011