Advantech Clears Multiple WebAccess Holes

Wednesday, May 16, 2018 @ 12:05 PM gHale

Advantech released a new version to mitigate multiple vulnerabilities in its WebAccess products, according to a report with NCCIC.

The remotely exploitable vulnerabilities include SQL injection, improper authorization, path traversal, heap-based buffer overflow, stack-based buffer overflow, untrusted pointer dereference, improper privilege management, and external control of file name or path.


Mat Powell and rgod, working with Trend Micro’s Zero Day Initiative; Steven Seeley of Offensive Security, working with Trend Micro’s Zero Day Initiative; and Donato Onofri and Simone Onofri of Business Integration Partners S.p.A. reported these vulnerabilities.

Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information from the host and/or target, execute arbitrary code, or delete files.

The following versions of WebAccess products suffer from the issues:
• WebAccess versions V8.2_20170817 and prior
• WebAccess versions V8.3.0 and prior
• WebAccess Dashboard versions V.2.0.15 and prior
• WebAccess Scada Node versions prior to 8.3.1
• WebAccess/NMS 2.0.3 and prior

Several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.

CVE-2018-7501 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.

CVE-2018-10590 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Also, a TFTP application allows unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.

CVE-2018-7505 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

Another vulnerability is a path traversal issue, which may allow an attacker to disclose sensitive information on the target.

CVE-2018-7503 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

There is also another path traversal vulnerability, which may allow an attacker to execute arbitrary code.

CVE-2018-10589 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

In addition, there were several stack-based buffer overflow vulnerabilities identified, which may allow an attacker to execute arbitrary code.

CVE-2018-7499 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

There is also a heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.

CVE-2018-8845 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

Also, there are several untrusted pointer dereference vulnerabilities, which may allow an attacker to execute arbitrary code.

CVE-2018-7497 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

There is also an external control of file name or path vulnerability, which may allow an attacker to delete files.

CVE-2018-7495 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

In addition, an origin validation error vulnerability has been identified, which may allow an attacker to create a malicious web site, steal session cookies, and access data of authenticated users.

CVE-2018-10591 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.1.

Also, an improper privilege management vulnerability may allow an authenticated user to modify files when the user should have read access only.

CVE-2018-8841 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.4.

The products see use mainly in the critical manufacturing, energy, and water and wastewater systems sectors. They also see action mainly in East Asia, the United States and Europe.

No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level could leverage the vulnerabilities.

Taiwan-based Advantech has released Version 8.3.1 of WebAccess to address the reported vulnerabilities. Users can download the latest version of WebAccess.


