ID
VAR-E-201301-0078
TITLE
Advantech WebAccess HMI/SCADA Cross Site Scripting
Trust: 0.5
DESCRIPTION
Advantech WebAccess HMI/SCADA software version 7.0-2012.12.05 suffers from a persistent cross site scripting vulnerability.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | advantech | model: | webaccess hmi/scada | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
##############################################################################
#
# Title : Advantech WebAccess HMI/SCADA Software Persistence Cross-Site
# Scripting Vulnerability
# Author : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor : http://webaccess.advantech.com/
# Advisory : http://secpod.org/blog/?p=569
# http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_Vuln.txt
# Software : Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05
# Date : 08/01/2013
#
###############################################################################
SecPod ID: 1046 10/12/2012 Issue Discovered
18/12/2012 Vendor Notified
No Response from vendor
08/01/2013 Advisory Released
Class: Cross-Site Scripting Severity: High
Overview:
---------
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting
Vulnerability.
Technical Description:
----------------------
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting
Vulnerability.
Input passed via the 'ProjDesc' parameter in 'broadWeb/include/gAddNew.asp'
(when tableName=pProject set) page is not properly verified before it is
returned to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in the context of a vulnerable site.
The vulnerabilities are tested in Advantech WebAccess 7.0-2012.12.05 Other
versions may also be affected.
Impact:
--------
Successful exploitation will allow a remote authenticated attacker to execute
arbitrary HTML code in a user's browser session in the context of a vulnerable
application.
Affected Software:
------------------
Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05
Tested on Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05 on Windows XP SP3
References:
-----------
http://secpod.org/blog/?p=569
http://webaccess.advantech.com
http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_Vuln.txt
Proof of Concept:
-----------------
1) Login into project management interface
http://IP-Address/broadWeb/bwconfig.asp?username=admin
2) Go to http://IP-Address/broadweb/bwproj.asp
3) Create New Project with Project Description as <script>alert("XSS")<script>
4) Now Java script '<script>alert("XSS")<script>' will be executed,
when 'bwproj.asp' will be loaded
Solution:
----------
Fix not available
Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = MEDIUM
AUTHENTICATION = SINGLE INSTANCE
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = COMPLETE
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 6.3 (High) (AV:N/AC:M/Au:SI/C:N/I:C/A:N)
Credits:
--------
Antu Sanadi of SecPod Technologies has been credited with the discovery of this
vulnerability.
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
xss
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
CREDITS
Antu Sanadi
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 119328 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 119328 |
LAST UPDATE DATE
2022-07-27T09:49:52.182000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 119328 | date: | 2013-01-08T16:13:50 |