Advantech: >> Advantech Webaccess >> 7.0 Security Vulnerabilities
An attacker may pass an overly long value from the AccessCode2 argument
to the control to overflow the static stack buffer. The attacker may
then remotely execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.012
Published
2014-04-12
By providing an overly long string to the UserName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely.
CVSS Score
7.5
EPSS Score
0.011
Published
2014-04-12
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“OpenUrlToBuffer.” This method takes a URL as a parameter and returns
its contents to the caller in JavaScript. The URLs are accessed in the
security context of the current browser session. The control does not
perform any URL validation and allows “file://” URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
file URLs through JavaScript. This method could also be used to reach
any arbitrary URL to which the browser has access.
CVSS Score
7.5
EPSS Score
0.003
Published
2014-04-12
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
OpenUrlToBufferTimeout. This method takes a URL as a parameter and
returns its contents to the caller in JavaScript. The URLs are accessed
in the security context of the current browser session. The control does
not perform any URL validation and allows file:// URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
the URLs through JavaScript. This method could also be used to reach any
arbitrary URL to which the browser has access.
CVSS Score
5.0
EPSS Score
0.004
Published
2014-04-12
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“CreateProcess.” This method contains validation to ensure an attacker
cannot run arbitrary command lines. After validation, the values
supplied in the HTML are passed to the Windows CreateProcessA API.
The validation can be bypassed allowing for running arbitrary command
lines. The command line can specify running remote files (example: UNC
command line).
A function exists at offset 100019B0 of bwocxrun.ocx. Inside this
function, there are 3 calls to strstr to check the contents of the user
specified command line. If “\setup.exe,” “\bwvbprt.exe,” or
“\bwvbprtl.exe” are contained in the command line (strstr returns
nonzero value), the command line passes validation and is then passed to
CreateProcessA.
CVSS Score
7.5
EPSS Score
0.004
Published
2014-04-12
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.005
Published
2013-08-22
Page 2