ID

VAR-E-201301-0393


CVE

cve_id: CVE-2013-2299

Trust: 1.6

sources: EXPLOIT-DB: 23968 // EDBNET: 46078

EDB ID

23968


TITLE

Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting - ASP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 23968

DESCRIPTION

Advantech Webaccess HMI/SCADA Software - Persistence Cross-Site Scripting. CVE-89067, CVE-2013-2299. Webapps exploit for ASP platform.

Trust: 0.6

sources: EXPLOIT-DB: 23968

AFFECTED PRODUCTS

vendor: advantech model: webaccess hmi/scada software scope: - version: -

Trust: 1.0

sources: EXPLOIT-DB: 23968

EXPLOIT

##############################################################################
#
# Title : Advantech WebAccess HMI/SCADA Software Persistence Cross-Site
# Scripting Vulnerability
# Author : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor : http://webaccess.advantech.com/
# Advisory : http://secpod.org/blog/?p=569
# http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_Vuln.txt
# Software : Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05
# Date : 08/01/2013
#
###############################################################################

SecPod ID: 1046

10/12/2012 Issue Discovered
18/12/2012 Vendor Notified
           No Response from vendor
08/01/2013 Advisory Released

Class: Cross-Site Scripting
Severity: High

Overview:
---------
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting
Vulnerability.

Technical Description:
----------------------
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting
Vulnerability.

Input passed via the 'ProjDesc' parameter in the 'broadWeb/include/gAddNew.asp'
page (when tableName=pProject is set) is not properly verified before it is
returned to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in the context of a vulnerable site.

The vulnerability was tested in Advantech WebAccess 7.0-2012.12.05. Other
versions may also be affected.

Impact:
--------
Successful exploitation will allow a remote authenticated attacker to execute
arbitrary HTML code in a user's browser session in the context of a vulnerable
application.

Affected Software:
------------------
Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05

Tested on Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05 on Windows XP SP3

References:
-----------
http://secpod.org/blog/?p=569
http://webaccess.advantech.com
http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_Vuln.txt

Proof of Concept:
-----------------

1) Log in to the project management interface:
http://IP-Address/broadWeb/bwconfig.asp?username=admin
2) Go to http://IP-Address/broadweb/bwproj.asp
3) Create a new project with the Project Description set to <script>alert("XSS")</script>
4) The JavaScript '<script>alert("XSS")</script>' will now be executed
whenever 'bwproj.asp' is loaded

Solution:
----------
Fix not available

Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = MEDIUM
AUTHENTICATION = SINGLE INSTANCE
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = COMPLETE
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 6.3 (High) (AV:N/AC:M/Au:SI/C:N/I:C/A:N)

Credits:
--------
Antu Sanadi of SecPod Technologies has been credited with the discovery of this
vulnerability.

Trust: 1.0

sources: EXPLOIT-DB: 23968

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 23968

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 23968

TYPE

Persistence Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 23968

CREDITS

SecPod Research

Trust: 0.6

sources: EXPLOIT-DB: 23968

EXTERNAL IDS

db: NVD id: CVE-2013-2299

Trust: 1.6

db: EXPLOIT-DB id: 23968

Trust: 1.6

db: EDBNET id: 46078

Trust: 0.6

sources: EXPLOIT-DB: 23968 // EDBNET: 46078

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2013-2299

Trust: 1.6

url: http://secpod.org/advisories/secpod_advantech_webaccess_stored_xss_vuln.txt

Trust: 1.0

url: https://www.exploit-db.com/exploits/23968/

Trust: 0.6

sources: EXPLOIT-DB: 23968 // EDBNET: 46078

SOURCES

db: EXPLOIT-DB id: 23968
db: EDBNET id: 46078

LAST UPDATE DATE

2022-07-27T09:58:54.112000+00:00


SOURCES RELEASE DATE

db: EXPLOIT-DB id: 23968 date: 2013-01-08T00:00:00
db: EDBNET id: 46078 date: 2013-01-08T00:00:00