var-201407-0236
Vulnerability from variot
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certain fields, an attacker can receive a session authentication cookie despite receiving an error message. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. If you set user, proj, and scada are set and bwuser is true, you can access multiple restricted pages. This may aid in further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0236", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.1" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003490" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "John Leitch", "sources": [ { "db": "ZDI", "id": "ZDI-14-249" } ], "trust": 0.7 }, "cve": "CVE-2014-2367", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-2367", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2367", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-04531", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7fc402-463f-11e9-b23e-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-70306", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2367", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-2367", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2014-2367", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-04531", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201407-479", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-70306", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certain fields, an attacker can receive a session authentication cookie despite receiving an error message. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. If you set user, proj, and scada are set and bwuser is true, you can access multiple restricted pages. This may aid in further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-2367" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "BID", "id": "68716" }, { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-70306" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2367", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-198-02", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201407-479", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-04531", "trust": 1.0 }, { "db": "BID", "id": "68716", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-003490", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2079", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-249", "trust": 0.7 }, { "db": "IVD", "id": "7D7FC402-463F-11E9-B23E-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "E4A5D23C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-70306", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "BID", "id": "68716" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "id": "VAR-201407-0236", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" } ], "trust": 1.53470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04531" } ] }, "last_update_date": "2024-11-23T22:02:05.219000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" }, { "title": "Advantech WebAccess Remote Verification Bypass Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/47826" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-70306" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2367" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2367" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "BID", "id": "68716" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-249" }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04531" }, { "date": "2014-07-19T00:00:00", "db": "VULHUB", "id": "VHN-70306" }, { "date": "2014-07-15T00:00:00", "db": "BID", "id": "68716" }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-479" }, { "date": "2014-07-19T05:09:27.720000", "db": "NVD", "id": "CVE-2014-2367" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-249" }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04531" }, { "date": "2014-07-23T00:00:00", "db": "VULHUB", "id": "VHN-70306" }, { "date": "2014-07-22T00:07:00", "db": "BID", "id": "68716" }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-479" }, { "date": "2024-11-21T02:06:09.660000", "db": "NVD", "id": "CVE-2014-2367" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-479" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Remote Authentication Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" } ], "trust": 1.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-479" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.