Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 9958

Synopsis

The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description

The installed version of Advantech WebAccess is prior to 7.2-2014.06.06 and is affected by the following vulnerabilities:

- Multiple stack-based buffer overflows can be triggered by passing overly long strings to the 'ProjectName', 'SetParameter', 'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage', 'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud', and 'IPAddress' parameters of the 'webvact.ocx', 'dvs.ocx', and 'webdact.ocx' ActiveX files. (CVE-2014-2364)
- An unspecified flaw exists in WebAccess that allows an attacker to create or delete arbitrary files. (CVE-2014-2365)
- The 'pAdminPg.asp' component includes the password of the specified account in the underlying HTML. (CVE-2014-2366)
- The 'ChkCookie' subroutine in the 'broadweb\include\gChkCook.asp' ActiveX control can be abused to bypass authentication. (CVE-2014-2367)
- The 'BrowseFolder' method of the 'bwocxrun' ActiveX control allows navigation from the Internet to a local file. (CVE-2014-2368)

Solution

Upgrade to Advantech WebAccess version 7.2-2014.06.06 or later.

See Also

http://www.nessus.org/u?32c8d148

https://ics-cert.us-cert.gov/advisories/ICSA-14-198-02

Plugin Details

Severity: High

ID: 9958

File Name: 9958.prm

Family: SCADA

Published: 2017/02/14

Modified: 2017/02/14

Dependencies: 9860

Nessus ID: 73643

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Patch Publication Date: 2014/06/06

Vulnerability Publication Date: 2014/06/06

Exploitable With

Metasploit (Advantech WebAccess dvs.ocx GetColor Buffer Overflow)

Reference Information

CVE: CVE-2014-2364, CVE-2014-2365, CVE-2014-2366, CVE-2014-2367, CVE-2014-2368

BID: 68714, 68715, 68716, 68717, 68718

OSVDB: 109315, 109316, 109317, 109318, 109319, 109320, 109321, 109322, 109323, 109324, 109325, 109326, 109327, 109328, 109329, 109331