Skip to main content

Advantech Webaccess CVE-2012-1235

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2012-02-21 cve@mitre.org
6.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Feb 21, 2012 - 13:31 cve.org
MEDIUM 6.0

DescriptionCVE.org

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.

AnalysisAI

Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. Affected products include: Advantech Advantech Webaccess.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2014-0763 HIGH POC
7.5 Apr 12

An attacker using SQL injection may use arguments to construct queries without proper sanitization. Rated high severity

CVE-2014-2364 HIGH POC
7.5 Jul 19

Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code

CVE-2012-0242 CRITICAL POC
10.0 Feb 21

Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code

CVE-2012-0241 MEDIUM POC
5.0 Feb 21

Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a m

CVE-2012-0243 CRITICAL
10.0 Feb 21

Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers

CVE-2012-0238 CRITICAL
10.0 Feb 21

Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute

CVE-2012-0240 CRITICAL
10.0 Feb 21

GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remo

CVE-2014-2366 CRITICAL
9.0 Jul 19

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTM

CVE-2014-0768 HIGH
7.5 Apr 12

An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buff

CVE-2014-0767 HIGH
7.5 Apr 12

An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control.

CVE-2014-0766 HIGH
7.5 Apr 12

An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer o

CVE-2014-0765 HIGH
7.5 Apr 12

To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. Rated high severity (CVSS 7

Share

CVE-2012-1235 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy