This host is running Advantech WebAccess and is prone to multiple vulnerabilities.
Successful exploitation will allow attackers to conduct SQL injection attacks, bypass certain security restrictions, and compromise a user's system.
Impact Level: Application
Upgrade to Advantech WebAccess 7.2 or later. For updates, refer to http://webaccess.advantech.com
- Certain input related to some SOAP requests is not properly sanitised within the DBVisitor.dll component before being used in a SQL query.
- Multiple boundary errors within the webvact.ocx ActiveX control when handling GotoCmd, NodeName2, AccessCode, UserName, and NodeName strings can be exploited to cause stack-based buffer overflows.
- A boundary error within the webvact.ocx ActiveX control when handling the AccessCode2 string can be exploited to cause a stack-based buffer overflow.
- Two errors within the 'OpenUrlToBuffer()' and 'OpenUrlToBufferTimeout()' methods of the BWOCXRUN.BwocxrunCtrl.1 ActiveX control can be exploited to disclose contents of arbitrary local or network resources.
- An error within the 'CreateProcess()' method of the BWOCXRUN.BwocxrunCtrl.1 ActiveX control can be exploited to bypass the intended restrictions and subsequently execute arbitrary code.
Advantech WebAccess before 7.2
Get the installed version of Advantech WebAccess with the help of the detect NVT and check whether the version is vulnerable.
CVE: CVE-2014-0763, CVE-2014-0764, CVE-2014-0765, CVE-2014-0766, CVE-2014-0767, CVE-2014-0768, CVE-2014-0770, CVE-2014-0771, CVE-2014-0772, CVE-2014-0773
CVSS Base Score: 7.5