Advantech WebAccess Stored Cross-Site Scripting

low Nessus Plugin ID 73642

Synopsis

The remote host is affected by a stored cross-site scripting vulnerability.

Description

The remote host has a version of Advantech WebAccess prior to version 7.1-2013.05.29 (which is reported by installs using the '7.1-2013.05.30' installer package from the vendor). It is, therefore, affected by a stored cross-site scripting vulnerability in the 'ProjDesc' parameter of the '/broadWeb/include/gAddNew.asp' script.

Solution

Upgrade to Advantech WebAccess version 7.1-2013.05.29 (contained in 7.1-2013.05.30 installer package) or higher.

See Also

http://www.nessus.org/u?3bf0becc

Plugin Details

Severity: Low

ID: 73642

File Name: scada_advantech_webaccess_7_1_2013_05_29.nbin

Version: 1.140

Type: remote

Family: SCADA

Published: 4/14/2014

Updated: 11/22/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 3.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/13/2013

Vulnerability Publication Date: 1/8/2013

Reference Information

CVE: CVE-2013-2299

BID: 57178, 57227

ICS-ALERT: 13-009-01

ICSA: 13-225-01