Advantech WebAccess openWidget Script Path Traversal Remote File Disclosure

high Nessus Plugin ID 88839

Synopsis

The remote host has a web application that is affected by a file disclosure vulnerability.

Description

The Advantech WebAccess web server running on the remote host is affected by a file disclosure vulnerability in the WebAccess Dashboard Viewer due to a failure to properly sanitize user-supplied input to the openWidget script. An unauthenticated, remote attacker can exploit this, via path traversal, to read the content of arbitrary files on the WebAccess server.

Note that this Advantech WebAccess web server is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for these.

Solution

Upgrade to Advantech WebAccess version 8.1-2015.12.30 or later.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

https://www.zerodayinitiative.com/advisories/ZDI-16-126/

Plugin Details

Severity: High

ID: 88839

File Name: scada_advantech_webaccess_cve-2016-0855.nbin

Version: 1.128

Type: remote

Family: SCADA

Published: 2/18/2016

Updated: 11/12/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2016-0855

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:advantech:webaccess

Required KB Items: www/scada_advantech_webaccess

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 12/30/2015

Vulnerability Publication Date: 1/14/2016

Reference Information

CVE: CVE-2016-0855

BID: 80745

ICSA: 16-014-01

ZDI: ZDI-16-126