Advantech WebAccess < 8.1_20160519 Multiple Vulnerabilities
Severity: High
Nessus Network Monitor Plugin ID 9960

Synopsis
The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description
The installed version of Advantech WebAccess is prior to 8.1_20160519 and is affected by the following vulnerabilities:
- A flaw exists that is triggered as 'upAdminPg.asp' exposes sensitive information, including administrative passwords. This may allow an authenticated remote attacker to disclose sensitive information. (OSVDB 142284)
- A flaw exists that is triggered as multiple unspecified ActiveX controls, which are intended for restricted use, are instead marked as safe-for-scripting. This may potentially allow a context-dependent attacker to leverage them to conduct attacks. (OSVDB 140285)
- An overflow condition exists in 'cellvision.ocx' that is triggered as user-supplied input is not properly validated when handling DLL files. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 140286)
- A flaw exists in the project user web page that may expose password information to remote attackers. No further details have been provided by the vendor. (OSVDB 142561)
- An overflow condition exists in the 'cellvision.ocx' control. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 142562)

Solution
Upgrade to Advantech WebAccess version 8.1_20160519 or later.