
Advantech WebAccess < 8.1_20160519 Multiple Vulnerabilities

High

Synopsis

The detected version of Advantech WebAccess may be affected by multiple attack vectors.

Description

The installed version of Advantech WebAccess is prior to 8.1_20160519 and is affected by the following vulnerabilities:

- A flaw exists that is triggered as 'upAdminPg.asp' exposes sensitive information, including administrative passwords. This may allow an authenticated remote attacker to disclose sensitive information. (OSVDB 142284)
- A flaw exists that is triggered as multiple unspecified ActiveX controls, which are intended for restricted use, are instead marked as safe-for-scripting. This may potentially allow a context-dependent attacker to leverage them to conduct attacks. (OSVDB 140285)
- An overflow condition exists in 'cellvision.ocx' that is triggered as user-supplied input is not properly validated when handling DLL files. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (OSVDB 140286)
- A flaw exists in the project user web page that may expose password information to remote attackers. No further details have been provided by the vendor. (OSVDB 142561)
- An overflow condition exists in the 'cellvision.ocx' control. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (OSVDB 142562)

Solution

Upgrade to Advantech WebAccess version 8.1_20160519 or later.