Advantech WebAccess < 7.0-2009.06.29 Multiple Vulnerabilities

The installed version of Advantech WebAccess is prior to 7.0-2009.06.29 and is affected by the following vulnerabilities :

• SQL injection vulnerabilities exist due to unspecified input not being properly sanitized before processing SQL queries. An unauthenticated, remote attacker can exploit these to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2011-4521, CVE-2012-0234, CVE-2012-0244)
• Unspecified cross-site scripting vulnerabilities exist due to improper validation of input data submitted to scripts ‘bwerrdn.asp’ and ‘bwview.asp’. A remote attacker, using a specially crafted URL, can exploit these to execute arbitrary script code in the browser in the context of the user’s session. (CVE-2011-4522, CVE-2011-4523)
• A buffer overflow condition exists due to a failure to properly sanitize user-supplied input. A remote, unauthenticated attacker, by using a very long string passed to unspecified parameters, can exploit this to execute arbitrary code. (CVE-2011-4524)
• A flaw exists that allows extracting arbitrary web page content into a batch file, which can then be executed. An unauthenticated, remote attacker can exploit this to write files to the server, allowing the execution of arbitrary code. (CVE-2011-4525)
• A buffer overflow condition exists due to a failure to properly sanitize user-supplied input to unspecified ActiveX parameters. An unauthenticated, remote attacker can exploit this, using a crafted long string, to execute arbitrary code. (CVE-2011-4526)
• A cross-site scripting vulnerability exists due to improper validation of unspecified input before returning it to the user. A remote attacker, using a specially crafted URL, can exploit this to execute arbitrary script code in the browser in the context of the user’s session. (CVE-2012-0233)
• An unspecified cross-site request forgery (XSRF) vulnerability exists due to WebAccess not requiring explicit confirmation from the user for sensitive transactions. An attacker, by using a specially crafted GET request embedded in an ‘img’ tag, can exploit this vulnerability to execute commands in the context of the session between an authenticated user and the application. (CVE-2012-0235)
• An unspecified information disclosure vulnerability exists that allows an unauthenticated, remote attacker to obtain sensitive information by using a direct request to a URL. (CVE-2012-0236)
• An flaw exists that allows an unauthenticated, remote attacker to enable or disable the date and time syncing operations by using a crafted URL. (CVE-2012-0237)
• A stack-based buffer overflow condition exists in ‘opcImg.asp’ due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2012-0238)
• A flaw exits in the ‘uaddUpAdmin.asp’ script due to an authentication failure, which allows a remote attacker to modify an administrative password using a change password request. (CVE-2012-0239)
• A flaw exists in the authentication function in the ‘GbScriptAddUp.asp’ script, which allows a remote attacker to execute arbitrary code. (CVE-2012-0240)
• A memory corruption issue exists in the ‘WriteTextData()’ and ‘CloseFile()’ functions due to a failure to properly sanitize user-supplied input. A remote attacker, by using a crafted value in the ‘fpt’ parameter, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2012-0241)
• A flaw in the ‘bwocxrun.ocx’ ActiveX control exists due to a failure by the ‘OcxSpool()’ method to properly sanitize user-supplied string format specifiers. A remote, unauthenticated attacker, by using crafted specifiers, can exploit this to execute arbitrary code. (CVE-2012-0242)
• A buffer overflow condition exists in the ‘bwocxrun.ocx’ ActiveX control due to a failure to properly sanitize user-supplied input. A remote attacker can exploit this to write arbitrary files to any pathname, allowing the execution of arbitrary code. (CVE-2012-0243)
• An unspecified SQL injection vulnerability exists due to input not being properly sanitized before processing SQL queries, which resulted from an incomplete fix for issue CVE-2012-0234. An unauthenticated, remote attacker can exploit this vulnerability to inject SQL queries against the database, resulting in the disclosure or manipulation of arbitrary data. (CVE-2012-1234)