Advantech WebAccess 7.2 < 7.2-2014.07.30 Multiple ActiveX RCE

Nessus Network Monitor Plugin ID 9959 (Severity: High)

Synopsis

The detected version of Advantech WebAccess may be affected by multiple ActiveX Remote Code Execution (RCE) attack vectors.

Description

The installed version of Advantech WebAccess 7.2 is prior to 7.2-2014.07.30 and is affected by the following vulnerabilities:

- An overflow condition exists in the 'webvact.ocx' ActiveX control due to improper validation of user-supplied input when handling the 'NodeName' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0985)
- An overflow condition exists in the 'webvact.ocx' ActiveX control due to improper validation of user-supplied input when handling the 'GotoCmd' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0986)
- An overflow condition exists in the 'webvact.ocx' ActiveX control due to improper validation of user-supplied input when handling the 'NodeName2' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0987)
- An overflow condition exists in the 'webvact.ocx' ActiveX control due to improper validation of user-supplied input when handling the 'AccessCode' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0988)
- An overflow condition exists in the 'webvact.ocx' ActiveX control due to improper validation of user-supplied input when handling the 'AccessCode2' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0989)
- An overflow condition exists in the 'webvact.ocx' ActiveX control due to improper validation of user-supplied input when handling the 'UserName' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0990)
- An overflow condition exists in an unspecified ActiveX control due to improper validation of user-supplied input when handling the 'projectname' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0991)
- An overflow condition exists in an unspecified ActiveX control due to improper validation of user-supplied input when handling the 'password' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0992)

Solution

Upgrade to Advantech WebAccess version 7.2-2014.07.30 or later.

See Also

http://www.nessus.org/u?32c8d148

https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01

Plugin Details

Severity: High

ID: 9959

File Name: 9959.prm

Family: SCADA

Published: 2017/02/14

Modified: 2017/02/14

Dependencies: 9860

Nessus ID: 85600

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Patch Publication Date: 2014/07/30

Vulnerability Publication Date: 2014/07/30

Reference Information

CVE: CVE-2014-0985, CVE-2014-0986, CVE-2014-0987, CVE-2014-0988, CVE-2014-0989, CVE-2014-0990, CVE-2014-0991, CVE-2014-0992

BID: 69529, 69531, 69532, 69533, 69534, 69535, 69536, 69538