
Advantech WebAccess < 8.1_20160519 Multiple Vulnerabilities

High

Synopsis

The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description

The installed version of Advantech WebAccess is prior to 8.1_20160519 and is affected by the following vulnerabilities:

- A flaw exists that is triggered as 'upAdminPg.asp' exposes sensitive information, including administrative passwords. This may allow an authenticated remote attacker to disclose sensitive information. (OSVDB 142284)
- A flaw exists that is triggered as multiple unspecified ActiveX controls, which are intended for restricted use, are instead marked as safe-for-scripting. This may potentially allow a context-dependent attacker to leverage them to conduct attacks. (OSVDB 140285)
- An overflow condition exists in 'cellvision.ocx' that is triggered as user-supplied input is not properly validated when handling DLL files. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 140286)
- A flaw exists in the project user web page that may expose password information to remote attackers. No further details have been provided by the vendor. (OSVDB 142561)
- An overflow condition exists in the 'cellvision.ocx' control. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 142562)
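For the ActiveX issues above, a defender can audit which registered controls carry the safe-for-scripting category and whether an Internet Explorer kill bit already blocks them. The Python below is an added example, not part of the advisory or of any scanner's code; it parses a registry export, and the CLSIDs and install path in the sample are constructed placeholders because the advisory does not name them.

```python
import re

# CATID_SafeForScripting: registry category that marks a control as scriptable from web content.
SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE from instantiating the control
GUID = r"(\{[0-9A-Fa-f-]{36}\})"

# Constructed .reg export; CLSIDs and paths are placeholders, not real WebAccess values.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\ExamplePath\\cellvision.ocx"
[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\ExamplePath\\other.ocx"
[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000400
'''

def audit(reg_text):
    """Map each CLSID in a .reg export to its binary path, safe-for-scripting mark and kill bit."""
    controls, key = {}, ""
    def entry(clsid):
        return controls.setdefault(clsid.upper(), {"path": None, "safe_for_scripting": False, "kill_bit": False})
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):  # key header: remember it for value lines
            key = line[1:-1]
            m = re.search(rf"\\CLSID\\{GUID}\\Implemented Categories\\{GUID}$", key, re.I)
            if m and m.group(2).upper() == SAFE_FOR_SCRIPTING:
                entry(m.group(1))["safe_for_scripting"] = True
            continue
        m = re.search(rf"\\CLSID\\{GUID}\\InprocServer32$", key, re.I)
        if m and line.startswith('@="'):  # default value holds the control's binary path
            entry(m.group(1))["path"] = line[3:-1].replace("\\\\", "\\")
        m = re.search(rf"\\ActiveX Compatibility\\{GUID}$", key, re.I)
        v = re.match(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$', line)
        if m and v and int(v.group(1), 16) & KILL_BIT:
            entry(m.group(1))["kill_bit"] = True
    return controls

def scriptable(reg_text):
    """CLSIDs marked safe-for-scripting with no kill bit set."""
    return sorted(c for c, e in audit(reg_text).items() if e["safe_for_scripting"] and not e["kill_bit"])

if __name__ == "__main__":
    print(scriptable(SAMPLE_REG))
```

Controls that declare themselves safe through the IObjectSafety interface rather than the registry category will not appear in this audit.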

Solution

Upgrade to Advantech WebAccess version 8.1_20160519 or later.