Advantech WebAccess 7.2 < 7.2-2014.07.30 Multiple ActiveX RCE

medium Nessus Plugin ID 85600

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote host is running a version of Advantech WebAccess 7.2 prior to version 7.2-2014.07.30 It is, therefore, affected by multiple vulnerabilities :

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'NodeName' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0985)
- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'GotoCmd' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0986)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'NodeName2' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0987)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'AccessCode' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
(CVE-2014-0988)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'AccessCode2' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
(CVE-2014-0989)

- An overflow condition exists in the webvact.ocx ActiveX control due to improper validation of user-supplied input when handling the 'UserName' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0990)

- An overflow condition exists in an unspecified ActiveX control due to improper validation of user-supplied input when handling the 'projectname' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
(CVE-2014-0991)

- An overflow condition exists in an unspecified ActiveX control due to improper validation of user-supplied input when handling the 'password' parameter. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2014-0992)

Solution

Upgrade Advantech WebAccess to version 7.2-2014.07.30 or later.

See Also

http://www.nessus.org/u?32c8d148

https://ics-cert.us-cert.gov/advisories/ICSA-14-261-01

Plugin Details

Severity: Medium

ID: 85600

File Name: scada_advantech_webaccess_7_2_2014_07_30.nbin

Version: 1.129

Type: remote

Family: SCADA

Published: 8/24/2015

Updated: 11/22/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/30/2014

Vulnerability Publication Date: 9/2/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0985, CVE-2014-0986, CVE-2014-0987, CVE-2014-0988, CVE-2014-0989, CVE-2014-0990, CVE-2014-0991, CVE-2014-0992

BID: 69529, 69531, 69532, 69533, 69534, 69535, 69536, 69538

ICSA: 14-261-01