SB2014041201 - Multiple vulnerabilities in Advantech WebAccess
Published: April 12, 2014 Updated: August 10, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2014-2364)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Input validation error (CVE-ID: CVE-2014-2365)
The vulnerability allows a remote #AU# to manipulate or delete data.
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors.
3) Information disclosure (CVE-ID: CVE-2014-2366)
The vulnerability allows a remote #AU# to gain access to sensitive information.
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.
4) Information disclosure (CVE-ID: CVE-2014-2367)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
5) Information disclosure (CVE-ID: CVE-2014-2368)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call.
6) SQL injection (CVE-ID: CVE-2014-0763)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
7) Stack-based buffer overflow (CVE-ID: CVE-2014-0764)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long NodeName parameter. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2014-0765)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long GotoCmd argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Stack-based buffer overflow (CVE-ID: CVE-2014-0766)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long NodeName2 argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Stack-based buffer overflow (CVE-ID: CVE-2014-0767)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long AccessCode argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Stack-based buffer overflow (CVE-ID: CVE-2014-0768)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long AccessCode2 argument. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Stack-based buffer overflow (CVE-ID: CVE-2014-0770)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a long UserName parameter. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Information disclosure (CVE-ID: CVE-2014-0771)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
14) Information disclosure (CVE-ID: CVE-2014-0772)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL.
15) Input validation error (CVE-ID: CVE-2014-0773)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02
- http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html
- http://www.securityfocus.com/bid/68714
- http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03
- http://www.securityfocus.com/bid/66740
- http://www.securityfocus.com/bid/66718
- http://www.securityfocus.com/bid/66722
- http://www.securityfocus.com/bid/66725
- http://www.securityfocus.com/bid/66728
- http://www.securityfocus.com/bid/66732