Advantech created new software to mitigate an information disclosure, a directory traversal, and a privilege escalation vulnerability in its SUSIAccess Server, according to a report from ICS-CERT.
These vulnerabilities, discovered by researcher rgod working with Zero Day Initiative (ZDI), are remotely exploitable.
SUSIAccess Server version 3.0 and prior suffer from these issues.
Successful exploitation of these vulnerabilities may result in file manipulation or arbitrary code execution.
Advantech is a Taiwan-based company with distribution offices in 21 countries worldwide.
The affected product, SUSIAccess Server, is a platform as a service (PaaS) for cloud and Internet of Things (IoT) devices. SUSIAccess Server is deployed across several sectors, including commercial facilities, critical manufacturing, energy, and government facilities. Advantech estimates this product is used worldwide.
In the first vulnerability, an attacker could traverse the file system and retrieve files, resulting in information disclosure.
CVE-2016-9349 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVE-2016-9351 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.0.
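The upload-and-unpack flaw described above is the classic shape of a zip-based directory traversal: an archive entry whose name contains "../" segments (or an absolute path) is written wherever the name points instead of under the intended upload directory. The following is an added example, not code from the advisory or from Advantech's product, showing how an unpacking routine should resolve every entry against the destination and refuse anything that lands outside it. The archive contents, the function names and the size limit are constructed for the example.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_sample_zip() -> bytes:
    """Constructed sample archive (not from the advisory): one benign entry
    and one whose name tries to climb out of the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/summary.txt", "benign content\n")
        zf.writestr("../outside.txt", "should never be written\n")
    return buf.getvalue()


def is_within(base: Path, candidate: Path) -> bool:
    """True if candidate (already resolved) is base or lies beneath it."""
    try:
        candidate.relative_to(base)
        return True
    except ValueError:
        return False


def safe_extract(zip_bytes: bytes, dest: str,
                 max_total_bytes: int = 50 * 1024 * 1024) -> dict:
    """Unpack an archive into dest, refusing any entry that would be written
    outside dest and refusing archives whose declared size is excessive."""
    base = Path(dest).resolve()
    base.mkdir(parents=True, exist_ok=True)
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Cheap guard against decompression bombs: sum the declared sizes first.
        declared = sum(info.file_size for info in zf.infolist())
        if declared > max_total_bytes:
            raise ValueError(f"archive declares {declared} bytes, limit is {max_total_bytes}")
        for info in zf.infolist():
            name = info.filename
            # Resolve the full target path and check it is still under base.
            # This catches "../" segments, mixed separators and absolute names.
            target = (base / name).resolve()
            if os.path.isabs(name) or not is_within(base, target):
                rejected.append(name)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(name)
    return {"written": written, "rejected": rejected}


def run_demo() -> dict:
    """Extract the constructed archive into a fresh temp directory and report
    what was written, what was rejected, and whether the escape succeeded."""
    dest = tempfile.mkdtemp(prefix="unzip_demo_")
    result = safe_extract(build_sample_zip(), dest)
    result["benign_present"] = (Path(dest) / "reports" / "summary.txt").is_file()
    result["escape_present"] = (Path(dest).parent / "outside.txt").exists()
    return result


if __name__ == "__main__":
    print(run_demo())
```

The check is done on the resolved path rather than by string-matching for "..", so encoded or platform-specific separator tricks are covered by the same rule. Symbolic links stored inside an archive are a separate concern and should be skipped or dereferenced under the same containment test before any file is created through them.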
In addition, the admin password is stored on the system encrypted with a static key that is hard-coded in the program. Because the key is the same in every installation, an attacker who obtains the stored value could recover the admin account password and use it.
CVE-2016-9353 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.4.
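The weakness here is not the cipher but the secret: a key embedded in the program is available to anyone who has the program, so the stored password is effectively reversible by everyone. When a server only needs to check that a user knows the password, nothing reversible needs to be stored at all. The following is an added example, not Advantech's code, of the usual mitigation: a salted, iterated one-way hash (PBKDF2-HMAC-SHA256 from the Python standard library) that is verified by recomputation rather than decryption. The iteration count, record format and sample passphrase are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Work-factor parameters chosen for this example, not values from the advisory.
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str) -> str:
    """Derive a salted one-way hash. Each call draws a fresh random salt, so
    storing the same password twice never yields the same record and there is
    no shared secret to recover from the binary."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS, dklen=KEY_BYTES)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the salt and iteration count from the stored
    record and compare in constant time. Malformed records are rejected."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Exercise the two functions with a constructed passphrase."""
    record_a = hash_password("example-admin-passphrase")
    record_b = hash_password("example-admin-passphrase")
    return {
        "same_password_differs": record_a != record_b,
        "correct_accepted": verify_password("example-admin-passphrase", record_a),
        "wrong_rejected": not verify_password("wrong-guess", record_a),
        "garbage_rejected": not verify_password("example-admin-passphrase", "not-a-record"),
    }


if __name__ == "__main__":
    print(demo())
```

The record carries its own salt and iteration count, so the work factor can be raised later without invalidating existing entries. If a product genuinely needs the plaintext back (for example to log in to another service on the user's behalf), the key must be generated per deployment and kept outside the program, in an OS key store or a secrets manager, rather than compiled in.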
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level would be able to exploit them.
Advantech no longer supports “SUSIAccess.” They have developed “WISE-PaaS/RMM” to replace it. To coordinate the purchase of the new software, users should contact Advantech.