Advantech WebAccess Multiple BWOCXRUN.OCX ActiveX Vulnerabilities

high Nessus Plugin ID 73641

Language:

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote host has an ActiveX control (BWOCXRUN.OCX) installed that is affected by multiple vulnerabilities :

- Multiple methods all allow remote attackers to read arbitrary files. (CVE-2014-0771, CVE-2014-0772)

- The CreateProcess method allows certain executable names to be run from arbitrary path names. (CVE-2014-0773)

Solution

Upgrade to Advantech WebAccess version 7.2 or higher.

Plugin Details

Severity: High

ID: 73641

File Name: scada_advantech_bwocxrun1.nbin

Version: 1.228

Type: local

Family: SCADA

Published: 4/14/2014

Updated: 11/12/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-0773

Vulnerability Information

CPE: cpe:/a:advantech:webaccess, cpe:/a:broadwin:webaccess

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 3/3/2014

Vulnerability Publication Date: 4/8/2014

Reference Information

CVE: CVE-2014-0771, CVE-2014-0772, CVE-2014-0773

BID: 66742, 66749, 66750

ICSA: 14-079-03

Detections

Analytics