Advantech WebAccess < 6.0-2008.06.06 Remote Authentication Bypass

Medium Nessus Network Monitor Plugin ID 9951

Synopsis

The detected version of Advantech WebAccess may be affected by a remote authentication bypass attack vector.

Description

The installed version of Advantech WebAccess is prior to 6.0-2008.06.06 and is affected by an unspecified flaw in the Project Manager Login page that may allow a remote attacker to bypass authentication mechanisms. No further details have been provided.

Solution

Upgrade to Advantech WebAccess version 6.0-2008.06.06 or later.

See Also

http://advantech.vo.llnwd.net/o35/www/webaccess/WebAccess%208.0/Version%208.0.htm

http://webaccess.advantech.com/downloads/Release%20Notes%20Candidate.htm

Plugin Details

Severity: Medium

ID: 9951

Family: SCADA

Published: 2017/02/14

Modified: 2017/02/14

Dependencies: 9860

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Patch Publication Date: 2008/06/06

Vulnerability Publication Date: 2008/06/06