
Advantech WebAccess < 7.2-2014.06.06 Multiple Vulnerabilities



The detected version of Advantech WebAccess may be affected by multiple attack vectors.


The installed version of Advantech WebAccess is prior to 7.2-2014.06.06 and is affected by the following vulnerabilities:

- Multiple stack overflows can be triggered with overly long strings to the 'ProjectName', 'SetParameter', 'NodeName', 'CCDParameter', 'SetColor', 'AlarmImage', 'GetParameter', 'GetColor', 'ServerResponse', 'SetBaud', and 'IPAddress' parameters of the 'webvact.ocx', 'dvs.ocx', and 'webdact.ocx' ActiveX files. (CVE-2014-2364)
- An unspecified flaw exists in WebAccess that allows an attacker to create or delete arbitrary files. (CVE-2014-2365)
- The 'pAdminPg.asp' component includes the password of the specified account in the underlying HTML. (CVE-2014-2366)
- The 'ChkCookie' subroutine in the 'broadweb\include\gChkCook.asp' ActiveX control can be abused to bypass authentication. (CVE-2014-2367)
- The 'BrowseFolder' method of the 'bwocxrun' ActiveX control allows navigation from the Internet to a local file. (CVE-2014-2368)


Upgrade to Advantech WebAccess version 7.2-2014.06.06 or later.