Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9957


The detected version of Advantech WebAccess may be affected by multiple attack vectors.


The installed version of Advantech WebAccess is prior to 7.2-2013.11.14 and is affected by the following vulnerabilities:

- Multiple SQL Injection vulnerabilities exist in 'DBVisitor.dll' that can be exploited via specially crafted SOAP requests. (CVE-2014-0763)
- Multiple stack-based buffer overflow conditions exist in an unspecified ActiveX control. (CVE-2014-0764, CVE-2014-0765, CVE-2014-0766, CVE-2014-0767, CVE-2014-0768)
- The 'NodeName' parameter on the web interface is affected by a buffer overflow vulnerability. (CVE-2014-0770)
- An unspecified ActiveX control contains a flaw that allows attackers to read arbitrary files. (CVE-2014-0771, CVE-2014-0772)
- An unspecified ActiveX control contains a flaw that allows certain executable names to be run from arbitrary path names. (CVE-2014-0773)


Upgrade to Advantech WebAccess version 7.2-2013.11.14 or later.


Plugin Details

Severity: High

ID: 9957

File Name: 9957.prm

Family: SCADA

Published: 2017/02/14

Modified: 2017/02/14

Dependencies: 9860

Nessus ID: 85411

Risk Information

Risk Factor: High


CVSS v2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 8.1

Temporal Score: 7.5


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Patch Publication Date: 2012/02/16

Vulnerability Publication Date: 2012/02/16

Reference Information

CVE: CVE-2014-0763, CVE-2014-0764, CVE-2014-0765, CVE-2014-0766, CVE-2014-0767, CVE-2014-0768, CVE-2014-0770, CVE-2014-0771, CVE-2014-0772, CVE-2014-0773

BID: 66718, 66722, 66725, 66728, 66732, 66733, 66740, 66742, 66749, 66750