Core Security Releases Security Advisories on Advantech Product Vulnerabilities

Researchers at Core Security have disclosed multiple vulnerabilities affecting products from Advantech Corp., which provides industrial automation and embedded solutions.

The vulnerabilities exist in the following products: Advantech EKI-6340 V2.05, Advantech Web Access 7.2 and Advantech AdamView V4.3.

“The AdamView and WebAccess vulnerabilities are “client-side” attacks, therefore some kind of social engineering is required,” explained Joaquín Rodríguez Varela, senior researcher at Core Security. “The victim would need to execute a file or visit a malicious site before the vulnerability could be exploited. In the case of EKI-6340, if the device is remotely accessible, then the vulnerability is very easy to exploit.”

Advantech did not respond to a SecurityWeek request for comment before publication. According to Core Security, the Advantech EKI-6340 series are wireless mesh access points for outdoor deployment.

According to Core Security, the EKI-6340 series is vulnerable to an OS command injection attack that remote attackers can exploit to execute arbitrary code and commands by using a non-privileged user account against a vulnerable CGI file.

Core Security also warned that Advantech’s WebAccess product – a browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) – is vulnerable to a stack-based buffer overflow attack that can be exploited by remote attackers to execute arbitrary code via a malicious HTML file with specific parameters for an ActiveX component.

The final advisory on AdamView explains that the product has two different fields vulnerable to buffer overflow attacks. The vulnerability is caused by a stack buffer overflow when parsing the display properties parameter. If successfully exploited, an attacker could trigger execution of arbitrary code within the context of the application or crash the application entirely.

The issues in EKI-6340 and AdamView are not going to be patched, according to Core Security. In the case of EKI-6340, that is because the vendor plans to discontinue it early next year, while the AdamView product is no longer supported, the advisories note.

For AdamView, Core Security recommends that users avoid opening untrusted .gni files and use third-party software such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) to help prevent exploitation of affected systems. EKI-6340 users should change the ‘guest’ user password and edit fshttpd.conf to remove the line ‘guest_allow=/cgi/ping.cgi’. They should also check that the ‘admin’ user does not still have the default password.
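The EKI-6340 configuration change can be checked on a copy of fshttpd.conf before it is written back to the device. The script below is an added example, not code from Core Security or Advantech; it assumes the file is line-oriented key=value text, as the one line quoted in the advisory suggests, and every sample line other than that one is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not vendor or Core Security code.
# Assumption: fshttpd.conf is line-oriented key=value text, as the one line
# quoted in the advisory suggests. Work on a copy pulled from the device.

# Matches the rule named in the advisory, tolerating indentation and CRLF.
PING_RULE='^[[:space:]]*guest_allow=/cgi/ping\.cgi[[:space:]]*$'

# List every path under /cgi/ that the config still opens to 'guest'.
list_guest_cgi() {
    sed -n 's/^[[:space:]]*guest_allow=\(\/cgi\/[^[:space:]]*\).*$/\1/p' "$1"
}

# Write a copy of $1 to $2 without the ping.cgi guest rule.
# Returns 0 if the rule was found and dropped, 1 if it was already absent.
remove_guest_ping() {
    if grep -Eq "$PING_RULE" "$1"; then
        grep -Ev "$PING_RULE" "$1" > "$2" || true   # an empty result is fine
        return 0
    fi
    cp "$1" "$2"
    return 1
}

# Constructed sample config; only the guest_allow=/cgi/ping.cgi line comes
# from the advisory, the other lines are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
example_key=example_value
guest_allow=/cgi/ping.cgi
  guest_allow=/cgi/placeholder.cgi
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/fshttpd.conf"
echo "guest-reachable CGI before:"; list_guest_cgi "$demo_dir/fshttpd.conf"
remove_guest_ping "$demo_dir/fshttpd.conf" "$demo_dir/fshttpd.conf.new" || true
echo "guest-reachable CGI after:";  list_guest_cgi "$demo_dir/fshttpd.conf.new"
rm -rf "$demo_dir"
```

Any path still listed after the change is another CGI endpoint the ‘guest’ account can reach and is worth reviewing alongside the password changes.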

As for the WebAccess vulnerability, the company recommends that anyone affected use third-party software that could help prevent exploitation of affected systems.

“Additionally the vendor released WebAccess v8 where it has deleted the vulnerable file ‘webeye.ocx’ but if version upgrade is being performed, the vulnerable ocx file is not deleted at all, therefore we do not consider this a correct fix,” the advisory states.

Varela said Core Security is not aware of any attacks exploiting the issues.

“It should be fine to follow standard operating procedures here and apply these updates during scheduled downtime or maintenance,” he said. “Of course, events may dictate higher or lower priority – every network is different.”
