Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities

High Nessus Plugin ID 85692

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Advantech WebAccess running on the remote host is prior to version 7.0-2011.12.20. It is, therefore, affected by multiple vulnerabilities:

- A cross-site scripting vulnerability exists due to improper validation of unspecified input. A remote attacker, using a specially crafted request, can exploit this to execute arbitrary script code in the browser in the context of the user's session. (VulnDB 124949)

- A SQL injection vulnerability exists due to unspecified input not being properly sanitized before processing SQL queries. A remote attacker can exploit this to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data. (VulnDB 124950)

Solution

Upgrade to Advantech WebAccess version 7.0-2011.12.20 or higher.

See Also

http://www.nessus.org/u?32c8d148

Plugin Details

Severity: High

ID: 85692

File Name: scada_advantech_webaccess_7_0_2011_12_20.nbin

Version: $Revision: 1.33 $

Type: remote

Family: SCADA

Published: 2015/08/28

Modified: 2018/06/15

Dependencies: 73645

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 2011/12/20

Vulnerability Publication Date: 2011/12/20