virus logo Intrusion Prevention

Advantech.WebAccess.Bwmainleft.asp.Reflected.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross Site Scripting vulnerability in Advantech WebAccess software.
The vulnerability is due to input validation error that occurs in the application when handling maliciously crafted HTTP request. A remote attacker may be able to exploit this to execute arbitrary script code within the context of the application, via a crafted HTTP request.

affected-products-logoAffected Products

Advantech WebAccess/SCADA 8.3.1 and 8.3.2

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected server.

recomended-action-logoRecommended Actions

Upgrade to Advantech WebAccess 8.3.3 or later.
http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-06-06 14.627 Severity:high:medium
2018-12-28 13.515 Default_action:pass:drop
2018-11-27 13.498 Sig Added
2018-11-23 13.497 Severity:critical:high
2018-11-13 13.489

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02
ID 47062
Created Nov 13, 2018
Updated Jun 05, 2019
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2018-15707
Exploit Prediction Score 0.33%
Default Action drop
Active
Affected OS Windows
Affected App SCADA