##############################################################################
#
# Title    : Advantech WebAccess HMI/SCADA Software Persistence Cross-Site
#            Scripting Vulnerability
# Author   : Antu Sanadi SecPod Technologies (www.secpod.com)
# Vendor   : http://webaccess.advantech.com/
# Advisory : http://secpod.org/blog/?p=569
#	         http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_Vuln.txt
# Software : Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05
# Date     : 08/01/2013
#
###############################################################################

SecPod ID: 1046                                 10/12/2012 Issue Discovered
                                                18/12/2012 Vendor Notified
                                                No Response from vendor
                                                08/01/2013 Advisory Released


Class: Cross-Site Scripting                     Severity: High


Overview:
---------
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting
Vulnerability.


Technical Description:
----------------------
Advantech WebAccess HMI/SCADA Software Persistence Cross-Site Scripting
Vulnerability.

Input passed via the 'ProjDesc' parameter in 'broadWeb/include/gAddNew.asp'
(when tableName=pProject set) page is not properly verified before it is
returned to the user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in the context of a vulnerable site.

The vulnerabilities are tested in Advantech WebAccess 7.0-2012.12.05 Other
versions  may also be affected.


Impact:
--------
Successful exploitation will allow a remote authenticated attacker to execute
arbitrary HTML code in a user's browser session in the context of a vulnerable
application.


Affected Software:
------------------
Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05

Tested on Advantech WebAccess HMI/SCADA Software 7.0-2012.12.05 on Windows XP SP3


References:
-----------
PBBoard v2.1.4 CMS – Multiple Vulnerabilities
http://webaccess.advantech.com http://secpod.org/advisories/SecPod_Advantech_WebAccess_Stored_XSS_Vuln.txt Proof of Concept: ----------------- 1) Login into project management interface http://IP-Address/broadWeb/bwconfig.asp?username=admin 2) Go to http://IP-Address/broadweb/bwproj.asp 3) Create New Project with Project Description as <script>alert("XSS")<script> 4) Now Java script '<script>alert("XSS")<script>' will be executed, when 'bwproj.asp' will be loaded Solution: ---------- Fix not available Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = SINGLE INSTANCE CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = COMPLETE AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 6.3 (High) (AV:N/AC:M/Au:SI/C:N/I:C/A:N) Credits: -------- Antu Sanadi of SecPod Technologies has been credited with the discovery of this vulnerability.
Rate this post
Брой прочитания на тази страница: 966
Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability
Tagged on:

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *