Advantech Fixes Buffer Overflow

Wednesday, September 16, 2015 @ 11:09 AM gHale

Advantech created a new version to mitigate a stack-based buffer overflow vulnerability in its WebAccess application, according to a report on ICS-CERT.

Ivan Sanchez from Nullcode Team, who discovered the vulnerability, tested the new version to validate it resolves the issue.

WebAccess Version 8.0 and prior versions suffer from the vulnerability.

An attacker may be able to exploit this vulnerability to crash the WebAccess application or to execute arbitrary code.

Taiwan-based Advantech has distribution offices in 21 countries worldwide.

The affected product, WebAccess, formerly known as BroadWin WebAccess, is a web-based SCADA and human-machine interface product. WebAccess is deployed across several sectors, including commercial facilities, critical manufacturing, energy, and government facilities. Advantech estimates these products are used globally.

A specially crafted file could be used to overflow the stack buffer by providing overly long strings to functions in the affected DLL. An attacker may then be able to crash the application or run arbitrary code by getting a user to execute the specially crafted file.

CVE-2014-9202 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.9.

This vulnerability is not exploitable remotely and requires user interaction. The exploit only triggers when a local user runs the vulnerable application and loads the malformed file.

No known public exploits specifically target this vulnerability.

Crafting a working exploit for this vulnerability would be difficult. Social engineering is mandatory to convince the user to load the malformed file. This decreases the likelihood of a successful exploit.

Advantech released a new version of WebAccess, Version 8.0_20150816, which addresses the reported vulnerability.