Multiple vulnerabilities in Advantech WebAccess



Published: 2014-04-12 | Updated: 2020-08-10
Risk Medium
Patch available NO
Number of vulnerabilities 15
CVE-ID CVE-2014-2364
CVE-2014-2365
CVE-2014-2366
CVE-2014-2367
CVE-2014-2368
CVE-2014-0763
CVE-2014-0764
CVE-2014-0765
CVE-2014-0766
CVE-2014-0767
CVE-2014-0768
CVE-2014-0770
CVE-2014-0771
CVE-2014-0772
CVE-2014-0773
CWE-ID CWE-121
CWE-20
CWE-200
CWE-89
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #6 is available.
Vulnerable software
Subscribe
Advantech WebAccess
Server applications / SCADA systems

Vendor Advantech Co., Ltd

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU41468

Risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2014-2364

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02
http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html
http://www.securityfocus.com/bid/68714


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Input validation error

EUVDB-ID: #VU41469

Risk: Low

CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2365

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote #AU# to manipulate or delete data.

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU41470

Risk: Low

CVSSv3.1: 1.3 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2366

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote #AU# to gain access to sensitive information.

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU41471

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2367

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU41472

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2368

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) SQL injection

EUVDB-ID: #VU41823

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:U/RC:C]

CVE-ID: CVE-2014-0763

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
http://www.securityfocus.com/bid/66740


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

7) Stack-based buffer overflow

EUVDB-ID: #VU41824

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-0764

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long NodeName parameter. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
http://www.securityfocus.com/bid/66718


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

EUVDB-ID: #VU41825

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-0765

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long GotoCmd argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
http://www.securityfocus.com/bid/66722


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

EUVDB-ID: #VU41826

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-0766

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long NodeName2 argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
http://www.securityfocus.com/bid/66725


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Stack-based buffer overflow

EUVDB-ID: #VU41827

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-0767

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long AccessCode argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
http://www.securityfocus.com/bid/66728


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Stack-based buffer overflow

EUVDB-ID: #VU41828

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-0768

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long AccessCode2 argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
http://www.securityfocus.com/bid/66732


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stack-based buffer overflow

EUVDB-ID: #VU41829

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-0770

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a long UserName parameter. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU41830

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-0771

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU41831

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-0772

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU41832

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-0773

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Mitigation

Install update from vendor's website.

Vulnerable software versions

Advantech WebAccess: 5.0 - 7.0

External links

http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###