Advantech WebAccess Authentication Bypass

High Nessus Plugin ID 96875

Synopsis

The remote host is running a web application that is affected by an authentication bypass vulnerability.

Description

The Advantech WebAccess web server running on the remote host is affected by an authentication bypass vulnerability in the WaExlViewer component due to a failure to properly manage authentication. An unauthenticated, remote attacker can exploit this, via a POST request with specially crafted parameters, to bypass intended restrictions, allowing the attacker to access restricted pages, upload template files, and delete existing templates.

Solution

Contact the vendor for a solution.

See Also

https://www.tenable.com/security/research/tra-2017-04

https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01

http://www.zerodayinitiative.com/advisories/ZDI-17-043/

Plugin Details

Severity: High

ID: 96875

File Name: scada_advantech_webaccess_cve-2017-5152.nbin

Version: Revision: 1.22

Type: remote

Family: SCADA

Published: 2017/01/30

Modified: 2018/08/15

Dependencies: 73645

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Exploited by Nessus: true

Patch Publication Date: 2017/01/12

Vulnerability Publication Date: 2017/01/12

Reference Information

CVE: CVE-2017-5152

BID: 95410

ICSA: 17-012-01

TRA: TRA-2017-04

ZDI: ZDI-17-043