Advantech WebAccess < 7.0-2011.08.27 Multiple ActiveX RCE

medium Nessus Plugin ID 85543

Synopsis

The remote host has multiple ActiveX controls installed that are affected by remote code execution vulnerabilities.

Description

The version of Advantech WebAccess running on the remote host is prior to 7.0-2011.08.27. Therefore, it includes the ActiveX controls webdobj.dll and bwscript.dll. These ActiveX controls contain buffer overflow conditions due to improper validation of user-supplied input.
A remote attacker, using a specially crafted web page, can exploit these to cause a buffer overflow, potentially resulting in the execution of arbitrary code.

Solution

Upgrade to Advantech WebAccess version 7.0-2011.08.27 or later.

See Also

http://www.nessus.org/u?b24f9dd5

Plugin Details

Severity: Medium

ID: 85543

File Name: scada_advantech_webaccess_7_0_2011_08_27.nbin

Version: 1.130

Type: remote

Family: SCADA

Published: 8/19/2015

Updated: 11/22/2024

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 8/27/2011

Vulnerability Publication Date: 8/27/2011