SecurityWeek

Core Security Releases Security Advisories on Advantech Product Vulnerabilities

Researchers at Core Security have disclosed multiple vulnerabilities affecting products from Advantech Corp., which provides industrial automation and embedded solutions.

The vulnerabilities exist in the following products: Advantech EKI-6340 V2.05, Advantech Web Access 7.2 and Advantech AdamView V4.3.

“The AdamView and WebAccess vulnerabilities are ‘client-side’ attacks, therefore some kind of social engineering is required,” explained Joaquín Rodríguez Varela, senior researcher at Core Security. “The victim would need to execute a file or visit a malicious site before the vulnerability could be exploited. In the case of EKI-6340, if the device is remotely accessible, then the vulnerability is very easy to exploit.”

Advantech did not respond to a SecurityWeek request for comment before publication. According to Core Security, the Advantech EKI-6340 series are wireless mesh access points for outdoor deployment.

According to Core Security, the EKI-6340 series is vulnerable to an OS command injection attack in which a remote attacker, using a non-privileged user account, can execute arbitrary code and commands through a vulnerable CGI file.

Core Security also warned that Advantech’s WebAccess product – a browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) – is vulnerable to a stack-based buffer overflow attack that can be exploited by remote attackers to execute arbitrary code via a malicious HTML file with specific parameters for an ActiveX component.

The final advisory on AdamView explains that the product has two different fields vulnerable to buffer overflow attacks. The vulnerability is caused by a stack buffer overflow when parsing the display properties parameter. If successfully exploited, an attacker could trigger execution of arbitrary code within the context of the application or crash the application entirely.

The issues in EKI-6340 and AdamView are not going to be patched, according to Core Security. In the case of EKI-6340, that is because the vendor plans to discontinue it early next year, while the AdamView product is no longer supported, the advisories note.

For AdamView, Core Security recommends that users avoid opening untrusted .gni files and use third-party software such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) to help prevent exploitation of affected systems. EKI-6340 users should change the ‘guest’ user password and edit fshttpd.conf to remove the line ‘guest_allow=/cgi/ping.cgi’. They should also make sure the ‘admin’ user does not still have the default password.
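The fshttpd.conf edit recommended for the EKI-6340 can be scripted against a copy of the file so the change is repeatable and leaves a backup. The following is an added example, not code from Core Security or Advantech; it assumes the file is line-oriented key=value text, and the sample contents, including the /cgi/example.cgi entry, are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove the guest_allow entry for ping.cgi from a copy of
# fshttpd.conf. Assumption: the file is plain key=value text, one entry per line.

# Exact entry named in the advisory, tolerating spaces and a CRLF line ending.
PING_PAT='^[[:space:]]*guest_allow[[:space:]]*=[[:space:]]*/cgi/ping\.cgi[[:space:]]*$'

# harden_fshttpd CONF
# Returns 0 if the entry was removed, 1 if it was already absent, 2 on error.
harden_fshttpd() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    if grep -q "$PING_PAT" "$conf"; then
        cp -p "$conf" "$conf.bak" || return 2
        # grep -v exits 1 when nothing is left to print; that is not an error here.
        grep -v "$PING_PAT" "$conf.bak" > "$conf" || [ $? -eq 1 ] || return 2
        echo "$conf: removed guest_allow=/cgi/ping.cgi (backup: $conf.bak)"
        rc=0
    else
        echo "$conf: guest_allow=/cgi/ping.cgi not present"
        rc=1
    fi
    # Any other guest_allow entry still grants the guest account access; list it.
    remaining=$(grep -n '^[[:space:]]*guest_allow[[:space:]]*=' "$conf" || true)
    [ -z "$remaining" ] || printf 'guest_allow entries still present, review each:\n%s\n' "$remaining"
    return $rc
}

# make_sample PATH: write a constructed sample (not a real device configuration).
make_sample() {
    printf '%s\n' \
        'guest_allow=/cgi/ping.cgi' \
        ' guest_allow = /cgi/ping.cgi ' \
        'guest_allow=/cgi/example.cgi' > "$1"
    printf 'guest_allow=/cgi/ping.cgi\r\n' >> "$1"   # CRLF variant
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir/fshttpd.conf"
harden_fshttpd "$demo_dir/fshttpd.conf"
```

The script only edits the file; changing the ‘guest’ and ‘admin’ passwords remains a separate step.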

As for the WebAccess vulnerability, the company recommends anyone affected use third-party software that could help prevent exploitation of affected systems.

“Additionally the vendor released WebAccess v8 where it has deleted the vulnerable file ‘webeye.ocx’ but if version upgrade is being performed, the vulnerable ocx file is not deleted at all, therefore we do not consider this a correct fix,” the advisory states.

Varela said Core Security is not aware of any attacks exploiting the issues.

“It should be fine to follow standard operating procedures here and apply these updates during scheduled downtime or maintenance,” he said. “Of course, events may dictate higher or lower priority – every network is different.”
