Advantech Clears ActiveX Holes
Wednesday, June 22, 2016 @ 02:06 PM gHale
Advantech created a new version to mitigate ActiveX vulnerabilities in its WebAccess, according to a report on ICS-CERT.
Zhou Yu of Acorn Network Security, who discovered the vulnerability, tested the new version to validate it resolves the vulnerabilities.
WebAccess versions prior to 8.1_20160519 suffer from the issues.
The vulnerabilities could allow an attacker who successfully exploits them to insert and run arbitrary code on an affected system.
Taiwan-based Advantech has distribution offices in 21 countries worldwide.
The affected product, WebAccess, formerly known as BroadWin WebAccess, is a web-based SCADA and human-machine interface (HMI) product. WebAccess is used across several sectors, including commercial facilities, critical manufacturing, energy, and government facilities. Advantech said the product is used on a global basis.
Several ActiveX controls are intended for restricted use; however, they have been marked as safe-for-scripting.
CVE-2016-4525 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 6.6.
In one instance, a specially crafted DLL file can cause a buffer overflow.
CVE-2016-4528 is the case number assigned to these vulnerabilities, which have a CVSS v3 base score of 5.0.
In addition, a properly authenticated administrator can view passwords for other administrators.
CVE-2016-5810 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.7.
These vulnerabilities are not exploitable remotely and cannot be exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application, which in certain scenarios can cause it to load a DLL file from an untrusted source.
No known public exploits specifically target these vulnerabilities.
Crafting a working exploit for these vulnerabilities would be difficult. Social engineering would be needed to convince the user to accept a malformed DLL file. Additional user interaction is needed to load the malformed file. This decreases the likelihood of a successful exploit.
Advantech released a new version of WebAccess, Version 8.1_20160519, to address the reported vulnerabilities.
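For asset owners who want to see which ActiveX controls on an HMI host are registered as safe-for-scripting, the class of issue described above, the following PowerShell audit is an added example and is not from Advantech or ICS-CERT. The `$PathFilter` value is an assumption about the install path and should be adjusted to the host; the category GUIDs and the kill-bit flag are the standard Windows values.

```powershell
# Added example: list COM classes registered as safe for scripting or
# initialization whose server binary matches a path filter, and report
# whether the Internet Explorer kill bit is set for each.
# Limitation: controls that declare safety at run time through IObjectSafety
# do not appear under "Implemented Categories" and are not listed here.

$SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForScripting
$SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'  # CATID_SafeForInitializing
$KillBit             = 0x400                                     # COMPAT_EVIL_DONT_LOAD
$PathFilter          = '*WebAccess*'   # assumption: substring of the product's install path

# 64-bit and 32-bit (WOW6432Node) registry views are checked separately.
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$results = foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Clsid)) { continue }
    Get-ChildItem -LiteralPath $v.Clsid -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $cat   = Join-Path $_.PSPath 'Implemented Categories'
        $sfs   = Test-Path -LiteralPath (Join-Path $cat $SafeForScripting)
        $sfi   = Test-Path -LiteralPath (Join-Path $cat $SafeForInitializing)
        if (-not ($sfs -or $sfi)) { return }

        # The default value of InprocServer32 is the DLL/OCX that implements the control.
        $srvKey = Join-Path $_.PSPath 'InprocServer32'
        $server = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
        if ($server -notlike $PathFilter) { return }

        $flags = (Get-ItemProperty -LiteralPath (Join-Path $v.Compat $clsid) `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            CLSID               = $clsid
            Server              = $server
            SafeForScripting    = $sfs
            SafeForInitializing = $sfi
            KillBitSet          = [bool]([int]$flags -band $KillBit)
        }
    }
}

$results | Sort-Object Server, CLSID | Format-Table -AutoSize
```

Running it before and after upgrading to Version 8.1_20160519 shows whether the set of controls flagged safe-for-scripting on the host has changed.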