Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities

high Nessus Plugin ID 85692

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The version of Advantech WebAccess running on the remote host is prior to version 7.0-2011.12.20. It is, therefore, affected multiple vulnerabilities :

- A cross-site scripting vulnerability exist due to improper validation of unspecified input. A remote attacker, using a specially crafted request, can exploit this to execute arbitrary script code in the browser in the context of the user's session.

- A SQL injection vulnerability exists due to unspecified input not being properly sanitized before processing SQL queries. A remote attacker can exploit this to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data.

Solution

Upgrade to Advantech WebAccess version 7.0-2011.12.20 or higher.

See Also

http://www.nessus.org/u?32c8d148

Plugin Details

Severity: High

ID: 85692

File Name: scada_advantech_webaccess_7_0_2011_12_20.nbin

Version: 1.130

Type: remote

Family: SCADA

Published: 8/28/2015

Updated: 11/22/2024

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Required KB Items: www/scada_advantech_webaccess

Patch Publication Date: 12/20/2011

Vulnerability Publication Date: 12/20/2011