ID

VAR-190001-0355


TITLE

BroadWin WebAccess Client 'OcxSpool()' Method Memory Corruption Vulnerability

Trust: 0.8

sources: IVD: f0b04646-1f89-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3480

DESCRIPTION

Advantech BroadWin is a fully browser-based Human Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) software package. The "CloseFile()" method (bwocxrun.ocx) has an error when the BroadWin WebAccess client handles opening a file descriptor. Passing an arbitrary integer value to the "fpt" method can cause memory corruption. Successful exploitation can result in arbitrary code execution in the context of the application.

BroadWin WebAccess Client is prone to multiple remote vulnerabilities, including: 1. A format-string vulnerability 2. Failed exploit attempts will likely result in denial-of-service conditions. BroadWin WebAccess Client 7.0 is vulnerable; other versions may also be affected.

TITLE: BroadWin WebAccess Client Bwocxrun ActiveX Control Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA45820
VERIFY ADVISORY: http://secunia.com/advisories/45820/
RELEASE DATE: 2011-09-02
DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in BroadWin WebAccess Client, which can be exploited by malicious people to compromise a user's system. Other versions may also be affected.
SOLUTION: Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/bwocxrun_1-adv.txt

Trust: 2.52

sources: CNVD: CNVD-2011-3480 // CNVD: CNVD-2011-3482 // CNVD: CNVD-2011-3481 // BID: 49428 // IVD: f0b04646-1f89-11e6-abef-000c29c66e3d // IVD: ef89c864-1f89-11e6-abef-000c29c66e3d // IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d // PACKETSTORM: 104730

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 2.4

sources: IVD: f0b04646-1f89-11e6-abef-000c29c66e3d // IVD: ef89c864-1f89-11e6-abef-000c29c66e3d // IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3480 // CNVD: CNVD-2011-3482 // CNVD: CNVD-2011-3481

AFFECTED PRODUCTS

vendor: advantech, model: broadwin webaccess, scope: eq, version: 7.0

Trust: 2.7

sources: IVD: f0b04646-1f89-11e6-abef-000c29c66e3d // IVD: ef89c864-1f89-11e6-abef-000c29c66e3d // IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3480 // CNVD: CNVD-2011-3482 // CNVD: CNVD-2011-3481 // BID: 49428

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: f0b04646-1f89-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: ef89c864-1f89-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: f0b04646-1f89-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: ef89c864-1f89-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: f0b04646-1f89-11e6-abef-000c29c66e3d // IVD: ef89c864-1f89-11e6-abef-000c29c66e3d // IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201109-013

TYPE

Resource management error

Trust: 0.6

sources: IVD: f0b04646-1f89-11e6-abef-000c29c66e3d // IVD: ef89c864-1f89-11e6-abef-000c29c66e3d // IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d

EXTERNAL IDS

db: BID, id: 49428

Trust: 2.7

db: SECUNIA, id: 45820

Trust: 1.9

db: CNVD, id: CNVD-2011-3480

Trust: 0.8

db: CNVD, id: CNVD-2011-3481

Trust: 0.8

db: CNVD, id: CNVD-2011-3482

Trust: 0.8

db: CNNVD, id: CNNVD-201109-013

Trust: 0.6

db: ICS CERT ALERT, id: ICS-ALERT-11-245-01

Trust: 0.3

db: IVD, id: F0B04646-1F89-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: EF89C864-1F89-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: EE5F92C0-1F89-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM, id: 104730

Trust: 0.1

sources: IVD: f0b04646-1f89-11e6-abef-000c29c66e3d // IVD: ef89c864-1f89-11e6-abef-000c29c66e3d // IVD: ee5f92c0-1f89-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3480 // CNVD: CNVD-2011-3482 // CNVD: CNVD-2011-3481 // BID: 49428 // PACKETSTORM: 104730 // CNNVD: CNNVD-201109-013

REFERENCES

url:http://secunia.com/advisories/45820/

Trust: 1.9

url:http://www.securityfocus.com/bid/49428

Trust: 0.6

url:http://aluigi.altervista.org/adv/bwocxrun_1-adv.txt

Trust: 0.4

url:http://support.microsoft.com/kb/240797

Trust: 0.3

url:http://webaccess.advantech.com/

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-245-01.pdf

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45820

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/blog/242

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/45820/#comments

Trust: 0.1

sources: CNVD: CNVD-2011-3480 // CNVD: CNVD-2011-3482 // CNVD: CNVD-2011-3481 // BID: 49428 // PACKETSTORM: 104730 // CNNVD: CNNVD-201109-013

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 49428 // CNNVD: CNNVD-201109-013

SOURCES

db: IVD, id: f0b04646-1f89-11e6-abef-000c29c66e3d
db: IVD, id: ef89c864-1f89-11e6-abef-000c29c66e3d
db: IVD, id: ee5f92c0-1f89-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-3480
db: CNVD, id: CNVD-2011-3482
db: CNVD, id: CNVD-2011-3481
db: BID, id: 49428
db: PACKETSTORM, id: 104730
db: CNNVD, id: CNNVD-201109-013

LAST UPDATE DATE

2022-05-17T22:52:21.922000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-3480, date: 2011-09-05T00:00:00
db: CNVD, id: CNVD-2011-3482, date: 2011-09-05T00:00:00
db: CNVD, id: CNVD-2011-3481, date: 2011-09-05T00:00:00
db: BID, id: 49428, date: 2011-10-31T19:53:00
db: CNNVD, id: CNNVD-201109-013, date: 2011-09-06T00:00:00

SOURCES RELEASE DATE

db: IVD, id: f0b04646-1f89-11e6-abef-000c29c66e3d, date: 2011-09-05T00:00:00
db: IVD, id: ef89c864-1f89-11e6-abef-000c29c66e3d, date: 2011-09-05T00:00:00
db: IVD, id: ee5f92c0-1f89-11e6-abef-000c29c66e3d, date: 2011-09-05T00:00:00
db: CNVD, id: CNVD-2011-3480, date: 2011-09-05T00:00:00
db: CNVD, id: CNVD-2011-3482, date: 2011-09-05T00:00:00
db: CNVD, id: CNVD-2011-3481, date: 2011-09-05T00:00:00
db: BID, id: 49428, date: 2011-09-02T00:00:00
db: PACKETSTORM, id: 104730, date: 2011-09-02T12:39:29
db: CNNVD, id: CNNVD-201109-013, date: 1900-01-01T00:00:00