
Advantech WebAccess Multiple Vulnerabilities (CVE-2014-0763, CVE-2014-0764, CVE-2014-0765, CVE-2014-0766, CVE-2014-0767, CVE-2014-0768, CVE-2014-0770, CVE-2014-0771, CVE-2014-0772, CVE-2014-0773)

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Advantech WebAccess is prone to multiple vulnerabilities.

Risk description

- Certain input related to some SOAP requests is not properly sanitised within the DBVisitor.dll component before being used in a SQL query.
- Multiple boundary errors within the webvact.ocx ActiveX control when handling GotoCmd, NodeName2, AccessCode, UserName, and NodeName strings can be exploited to cause stack-based buffer overflows.
- A boundary error within the webvact.ocx ActiveX control when handling the AccessCode2 string can be exploited to cause a stack-based buffer overflow.
- Two errors within the OpenUrlToBuffer() and OpenUrlToBufferTimeout() methods of the BWOCXRUN.BwocxrunCtrl.1 ActiveX control can be exploited to disclose contents of arbitrary local or network resources.
- An error within the CreateProcess() method of the BWOCXRUN.BwocxrunCtrl.1 ActiveX control can be exploited to bypass the intended restrictions and subsequently execute arbitrary code.

Successful exploitation will allow attackers to conduct SQL injection attacks, bypass certain security restrictions, and compromise a user's system.

Recommendation

Upgrade to Advantech WebAccess 7.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 12, 2014
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available