Advantech Fixes Overflow Holes

Friday, September 19, 2014 @ 11:09 AM gHale


Advantech created a fix that mitigates buffer overflow vulnerabilities in its WebAccess application, according to a report on ICS-CERT.

Researcher Ricardo Narvaja of Core Security Technologies, who discovered the holes, tested the patch to validate that it resolves the remotely exploitable vulnerabilities. WebAccess Version 7.2 suffers from the issue.

An attacker may be able to exploit these vulnerabilities to execute arbitrary code on the target machine or crash the WebAccess application.

Taiwan-based Advantech has distribution offices in 21 countries worldwide.

Advantech WebAccess, formerly known as BroadWin WebAccess, is a web-based SCADA and human-machine interface product deployed globally across several sectors including energy, critical manufacturing, commercial facilities, and government facilities.

The following is a series of stack buffer overflow vulnerabilities:
• With a specially crafted HTML file that parses the NodeName parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0985 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
• With a specially crafted HTML file that parses the GotoCmd parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0986 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
• With a specially crafted HTML file that parses the NodeName2 parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0987 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
• With a specially crafted HTML file that parses the AccessCode parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0988 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
• With a specially crafted HTML file that parses the AccessCode2 parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0989 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
• With a specially crafted HTML file that parses the UserName parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0990 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
• With a specially crafted HTML file that parses the projectname parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0991 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
• With a specially crafted HTML file that parses the password parameter, an attacker may be able to overflow the stack buffer. The attacker may then be able to remotely execute code on the target device or crash the application. CVE-2014-0992 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

No known public exploits specifically target these vulnerabilities. Crafting a working exploit for these vulnerabilities would be difficult. An attacker would need to use social engineering to convince the user to open the malicious HTML file, which could be on the local machine or hosted on a web site controlled by the attacker. This requirement decreases the likelihood of a successful exploit.
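For triaging HTML files before they are opened on a WebAccess client, the sketch below flags files that pass an unusually long value to any of the eight parameters listed above. It is an added example, not code from Advantech, ICS-CERT or Core Security; the 256-character threshold and the two ways of passing a parameter (a `<param name=... value=...>` element or a direct tag attribute) are assumptions, since the report gives neither buffer sizes nor the HTML layout.

```python
from html.parser import HTMLParser

# Parameter names from the vulnerability list above (matched case-insensitively).
WATCHED = {"nodename", "gotocmd", "nodename2", "accesscode", "accesscode2",
           "username", "projectname", "password"}

# Assumption: the report gives no buffer sizes, so this is a tunable triage
# threshold, not the real limit of any buffer.
MAX_LEN = 256


class ParamScanner(HTMLParser):
    """Collects (line, tag, parameter, value length) for overlong values."""

    def __init__(self, max_len=MAX_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []

    def _check(self, tag, name, value):
        if name and value and name.lower() in WATCHED and len(value) > self.max_len:
            self.findings.append((self.getpos()[0], tag, name, len(value)))

    def handle_starttag(self, tag, attrs):
        if tag == "param":
            # Assumed form 1: <param name="NodeName" value="...">
            pairs = dict(attrs)
            self._check(tag, pairs.get("name"), pairs.get("value"))
        else:
            # Assumed form 2: the parameter appears as a tag attribute.
            for name, value in attrs:
                self._check(tag, name, value)


def scan_html(text, max_len=MAX_LEN):
    """Return findings for one HTML document, in document order."""
    scanner = ParamScanner(max_len)
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample input; it does not reference any real control or file.
SAMPLE = (
    '<html><body>\n'
    '<object id="ctl">\n'
    '<param name="ProjectName" value="plant1">\n'
    '<param name="NodeName" value="' + "A" * 1000 + '">\n'
    '</object>\n'
    '<object gotocmd="' + "B" * 300 + '"></object>\n'
    '</body></html>\n'
)
```

Values assembled at run time by script are not visible to a static scan like this, so it complements installing the patch rather than replacing it.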

Advantech created a patch (AdvantechWebAccessUSANode_20140730_3.4.3.exe) that mitigates each of the vulnerabilities.

For additional information about WebAccess, visit this Advantech web site.


