Facebook Google Plus Twitter LinkedIn YouTube RSS 功能表 搜尋 Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Advantech WebAccess < 7.2-2013.11.14 Multiple Vulnerabilities

High

Synopsis

The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description

The installed version of Advantech WebAccess is prior to 7.2-2013.11.14 and is affected by the following vulnerabilities :

- Multiple SQL Injection vulnerabilities exist in 'DBVisitor.dll' that can be exploited via specially crafted SOAP requests.(CVE-2014-0763) - Multiple stack-based buffer overflow conditions exist in an unspecified ActiveX control.(CVE-2014-0764, CVE-2014-0765, CVE-2014-0766, CVE-2014-0767, CVE-2014-0768) - The 'NodeName' parameter on the web interface is affected by a buffer overflow vulnerability.(CVE-2014-0770) - An unspecified ActiveX control contains a flaw that allows attackers to read arbitrary files.(CVE-2014-0771, CVE-2014-0772) - An unspecified ActiveX control contains a flaw that allows certain executable names to be run from arbitrary path names.(CVE-2014-0773)

解決方案

Upgrade to Advantech WebAccess version 7.2-2013.11.14 or later.