
Advantech WebAccess < 7.1-2013.05.30 Multiple Vulnerabilities

Critical

Synopsis

The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description

The installed version of Advantech WebAccess is prior to 7.1-2013.05.30 and is affected by the following vulnerabilities:

- The 'ProjDesc' parameter of the '/broadWeb/include/gAddNew.asp' script is affected by a stored cross-site scripting (XSS) vulnerability. (CVE-2013-2299)
- Multiple flaws exist in an RPC service ('webvrpcs.exe') that listens remotely on TCP port 4592. The first is an overflow condition that exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code. The second is an information disclosure vulnerability that allows an unauthenticated, remote attacker to obtain the security code value that protects the SCADA node via a long string in an RPC request to TCP port 4592. (CVE-2011-4041)

Solution

Upgrade to Advantech WebAccess version 7.1-2013.05.30 or later.