Advantech WebAccess Buffer Overflow

Wednesday, September 9, 2015 @ 01:09 PM gHale

There is a stack-based overflow vulnerability in Advantech’s WebAccess application, according to a report on ICS-CERT.

Security researcher Praveen Darshanam notified ICS-CERT he publicly disclosed information about the reported vulnerability. ICS-CERT released an advisory to provide early notice of the report and to identify baseline mitigations for reducing risks associated with the reported vulnerability.

Schneider Patches Modicon PLC Holes
Cogent Code Injection Vulnerability
Moxa Fixes Switch Vulnerabilities
SMA Solar Hard-Coded Account Hole

Advantech is working on a new version of WebAccess to address this remotely exploitable vulnerability, which they expect to release shortly.

Exploits that target this vulnerability are publicly available.

WebAccess, Version 8.0 and prior versions suffer from the issue.

An attacker may be able to exploit these vulnerabilities to crash the WebAccess application or to execute arbitrary code.

Taiwan-based Advantech has distribution offices in 21 countries worldwide.

The affected product, WebAccess, formerly known as BroadWin WebAccess, is a web-based SCADA and human-machine interface product. WebAccess sees action across several sectors including commercial facilities, critical manufacturing, energy, and government facilities. Advantech said these products see use on a global basis.

Multiple stack-based buffer overflow vulnerabilities are in vulnerable DLLs that may allow a remote attacker to crash the application or allow arbitrary code execution.

CVE-2014-9208 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

An attacker with low skill would be able to exploit this vulnerability.

Advantech is planning to release a new version of WebAccess, Version 8.0.1 to address the stack-based buffer overflow vulnerability. Advantech has not identified a release date for the new version.