Advantech Releases Updated WebAccess

Tuesday, August 29, 2017 @ 06:08 PM gHale


Advantech released a new version to mitigate multiple vulnerabilities in its WebAccess product, according to a report from ICS-CERT.

The remotely exploitable vulnerabilities include a SQL injection, out-of-bounds access, multiple buffer overflows, externally controlled format string, improper authentication, incorrect permission assignment for critical resource, incorrect privilege assignment and uncontrolled search path element.

WebAccess HMI platform versions prior to V8.2_20170817 suffer from the issues.

The vulnerabilities were discovered by independent researcher Fritz Sands, independent researcher rgod, Tenable Network Security, and an anonymous researcher, all working with Trend Micro’s Zero Day Initiative, and by Haojun Hou and DongWang from ADLab of Venustech.

Successful exploitation of these vulnerabilities may allow remote code execution or unauthorized access and could cause the device the attacker is accessing to crash.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

In one vulnerability, by submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.

CVE-2017-12710 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.

CVE-2017-12708 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

Also, researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.

CVE-2017-12706 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

In addition, researchers identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.

CVE-2017-12704 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

Also, string format specifiers based on user-provided input are not properly validated, which could allow an attacker to execute arbitrary code.

CVE-2017-12702 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.3.

In addition, specially crafted requests allow a possible authentication bypass that could allow remote code execution.

CVE-2017-12698 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

Also, multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.

CVE-2017-12713 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

Also, a built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.

CVE-2017-12711 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.8.

In addition, a maliciously crafted DLL file placed earlier in the search path may allow an attacker to execute code within the context of the application.

CVE-2017-12717 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.8.

The product sees action mainly in the critical manufacturing, energy, and water and wastewater sectors. It mainly sees use in East Asia, the United States and Europe.

Taiwan-based Advantech released a new version of WebAccess to address the reported vulnerabilities. Users can download WebAccess Version V8.2_20170817 at the following location (registration required).


