Advantech WebAccess Multiple Remote Vulnerabilities

Bugtraq ID:	52051
Class:	Input Validation Error
CVE:	CVE-2011-4521 CVE-2011-4522 CVE-2011-4523 CVE-2011-4524 CVE-2011-4525 CVE-2011-4526 CVE-2012-0233 CVE-2012-0234 CVE-2012-0235 CVE-2012-0236 CVE-2012-0237 CVE-2012-0238 CVE-2012-0239 CVE-2012-0240 CVE-2012-0244 CVE-2012-0243 CVE-2012-0242 CVE-2012-0241
Remote:	Yes
Local:	No
Published:	Feb 16 2012 12:00AM
Updated:	Feb 16 2012 12:00AM
Credit:	Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and Snake (alias).
Vulnerable:	Advantech BroadWin WebAccess 7.0
Not Vulnerable:

Advantech WebAccess Multiple Remote Vulnerabilities

Advantech WebAccess is prone to multiple remote vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible.

Advantech WebAccess Multiple Remote Vulnerabilities

An attacker can exploit some of these issues through a browser.

Advantech WebAccess Multiple Remote Vulnerabilities

Solution:
An update is available. Please see the references for more information.

Advantech WebAccess Multiple Remote Vulnerabilities

References:

• BroadWin WebAccess Homepage (Advantech )
  
• ICSA-11-279-01�??ADVANTECH OPC SERVER BUFFER OVERFLOW (US-CERT)