Advantech WebAccess < 6.0-2008.06.06 Remote Authentication Bypass

medium Nessus Network Monitor Plugin ID 9951

Synopsis

The detected version of Advantech WebAccess may be affected by a remote authentication bypass attack vector.

Description

The installed version of Advantech WebAccess is prior to 6.0-2008.06.06 and is affected by an unspecified flaw in the Project Manager Login page that may allow a remote attacker to bypass authentication mechanisms. No further details have been provided.

Solution

Upgrade to Advantech WebAccess version 6.0-2008.06.06 or later.

See Also

http://advantech.vo.llnwd.net/o35/www/webaccess/WebAccess%208.0/Version%208.0.htm

http://webaccess.advantech.com/downloads/Release%20Notes%20Candidate.htm

Plugin Details

Severity: Medium

ID: 9951

Family: SCADA

Published: 2/14/2017

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:advantech:advantech_webaccess

Patch Publication Date: 6/6/2008

Vulnerability Publication Date: 6/6/2008