Earlier this evening the DHS ICS-CERT published a new advisory
for multiple buffer overflow vulnerabilities in the Advantech WebAccess
application. The vulnerabilities were identified by Ricardo Narvaja of Core
Security Technologies in a coordinated disclosure. Advantech has provided a
patch to resolve the vulnerabilities and Narvaja has verified the efficacy of
the fix.
The eight stack buffer overflow vulnerabilities affect the following parameters:
● NodeName, CVE-2014-0985;
● GotoCmd, CVE-2014-0986;
● NodeName2, CVE-2014-0987;
● AccessCode, CVE-2014-0988;
● AccessCode2, CVE-2014-0989;
● UserName, CVE-2014-0990;
● ProjectName, CVE-2014-0991;
● Password, CVE-2014-0992.
ICS-CERT reports that these vulnerabilities could be exploited remotely, but
because exploitation would require a social engineering attack, the likelihood
of a successful attack is reduced.