SB2018102417 - Multiple vulnerabilities in Advantech WebAccess

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2018-14806)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files and compromise vulnerable system.

2) Stack-based buffer overflow (CVE-ID: CVE-2018-14816)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing certain requests. A remote unauthenticated attacker can send specially crafted request to the application, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Insecure DLL loading (CVE-ID: CVE-2018-14820)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and delete arbitrary files on the target system.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2018-14828)

Remediation

Install update from vendor's website.

References

• http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Dow...
• https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01