Advantech Clears ActiveX Holes

Wednesday, June 22, 2016 @ 02:06 PM gHale


Advantech created a new version to mitigate ActiveX vulnerabilities in its WebAccess, according to a report on ICS-CERT.

Zhou Yu of Acorn Network Security, who discovered the vulnerabilities, tested the new version to validate that it resolves them.

WebAccess versions prior to 8.1_20160519 suffer from the issues.

The vulnerabilities could allow an attacker who successfully exploits them to insert and run arbitrary code on an affected system.

Taiwan-based Advantech has distribution offices in 21 countries worldwide.

The affected product, WebAccess, formerly known as BroadWin WebAccess, is a web-based SCADA and human-machine interface (HMI) product. WebAccess sees action across several sectors including commercial facilities, critical manufacturing, energy, and government facilities. Advantech said this product sees use on a global basis.

Several ActiveX controls are intended for restricted use; however, they have been marked as safe-for-scripting.

CVE-2016-4525 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 6.6.
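As an added example (not from the article, the advisory or Advantech), here is one way a defender can list which ActiveX controls on a host are marked safe-for-scripting, by parsing a registry export. The category GUIDs and the kill-bit location are standard Windows and Internet Explorer conventions rather than details from this page; the CLSIDs and paths in the sample are constructed.

```python
import re

# Standard COM / Internet Explorer registry conventions (assumed; not from the article).
CATEGORIES = {
    "{7DD95801-9882-11CF-9FA9-00AA006C08C4}": "safe-for-scripting",
    "{7DD95802-9882-11CF-9FA9-00AA006C08C4}": "safe-for-initializing",
}
KILL_BIT = 0x400  # "Compatibility Flags" bit that blocks instantiation in IE
GUID = r"(\{[0-9A-Fa-f-]{36}\})"
CLSID_KEY = re.compile(r"\\CLSID\\" + GUID + r"(?:\\(.+))?$")
COMPAT_KEY = re.compile(r"\\ActiveX Compatibility\\" + GUID + "$")

def audit(reg_text):
    """Map each CLSID marked safe in a .reg export to its DLL, marks and kill-bit state."""
    controls, killed, key = {}, set(), ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):  # key header
            key = line[1:-1]
            m = CLSID_KEY.search(key)
            if m:
                entry = controls.setdefault(m.group(1).upper(), {"dll": None, "marks": set()})
                parent, _, leaf = (m.group(2) or "").rpartition("\\")
                if parent.lower() == "implemented categories" and leaf.upper() in CATEGORIES:
                    entry["marks"].add(CATEGORIES[leaf.upper()])
        elif "=" in line:  # value under the most recent key header
            name, value = line.split("=", 1)
            clsid, compat = CLSID_KEY.search(key), COMPAT_KEY.search(key)
            if clsid and (clsid.group(2) or "").lower() == "inprocserver32" and name == "@":
                controls[clsid.group(1).upper()]["dll"] = value.strip('"').replace("\\\\", "\\")
            elif compat and name == '"Compatibility Flags"' and value.startswith("dword:"):
                if int(value[6:], 16) & KILL_BIT:
                    killed.add(compat.group(1).upper())
    return {c: dict(e, killed=c in killed) for c, e in controls.items() if e["marks"]}

# Constructed, condensed sample export; every CLSID and path here is made up.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C08C4}]
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Constructed\\ctl_a.dll"
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}\Implemented Categories\{7dd95801-9882-11cf-9fa9-00aa006c08c4}]
[HKEY_CLASSES_ROOT\CLSID\{AAAAAAAA-0000-0000-0000-000000000003}\InprocServer32]
@="C:\\Constructed\\ctl_c.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000400
"""

if __name__ == "__main__":
    for clsid, info in sorted(audit(SAMPLE).items()):
        print(clsid, sorted(info["marks"]), info["dll"], "kill bit set" if info["killed"] else "ACTIVE")
```

Registry Editor version 5.00 exports are UTF-16 encoded, so decode the file with that encoding before passing its text to `audit`.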

In one instance, a specially crafted DLL file can cause a buffer overflow.

CVE-2016-4528 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 5.0.

In addition, a properly authenticated administrator can view passwords for other administrators.

CVE-2016-5810 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.7.

These vulnerabilities are not exploitable remotely and cannot be exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application, which in certain scenarios can cause it to load a DLL file from an untrusted source.

No known public exploits specifically target these vulnerabilities.

Crafting a working exploit for these vulnerabilities would be difficult. Social engineering would be needed to convince the user to accept a malformed DLL file. Additional user interaction is needed to load the malformed file. This decreases the likelihood of a successful exploit.

Advantech released a new version of WebAccess, Version 8.1_20160519, to address the reported vulnerabilities.