Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Advantech/BroadWin WebAccess is a web-based application for human-machine interfaces (HMI), and supervisory control and data acquisition (SCADA).
Advantech/BroadWin WebAccess is exposed to multiple vulnerabilities: cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and authentication issues.
Affected Versions:
Advantech/BroadWin WebAccess 7.0 and earlier
QID Detection Logic (unauthenticated):
The QID sends a GET /broadWeb/bwRoot.asp request to retrieve the version of Advantech/BroadWin WebAccess running on the remote target.
Impact
Successful exploitation of the vulnerabilities will lead to:
1) Cross-site scripting (XSS)
2) SQL injection
3) Cross-site request forgery (CSRF)
4) Authentication issues
Solution
Customers are advised to upgrade to the latest version of the software. Refer to the following link for further details: Advantech WebAccess
Patch:
Following are links for downloading patches to fix the vulnerabilities: