CVE-2012-0233 Advantech/BroadWin WebAccess Multiple Vulnerabilities

Advantech/BroadWin WebAccess is a web-based application for human-machine interfaces (HMI), and supervisory control and data acquisition (SCADA).

Advantech/BroadWin WebAccess is exposed to multiple vulnerabilities that can lead to cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and authentication issues.

Affected Versions:
Advantech/BroadWin WebAccess 7.0 and earlier

QID Detection Logic (unauthenticated):
The QID sends a GET /broadWeb/bwRoot.asp request to retrieve the version of Advantech/BroadWin WebAccess running on the remote target.
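As an added illustration of the version-based check described above (not Qualys' own QID code), the following Python helper fetches /broadWeb/bwRoot.asp, extracts a dotted version string from the response, and flags the host if the version is 7.0 or earlier. The response format, the regular expression, and the sample bodies are assumptions constructed for this example; the advisory does not document the page's actual markup. Versions are compared as integer tuples so that "7.10" is correctly treated as newer than "7.0" rather than as a string that sorts before it.

```python
import re
import urllib.request
from typing import Optional, Tuple

# "7.0 and earlier" per the advisory's Affected Versions section.
AFFECTED_MAX: Tuple[int, ...] = (7, 0)

# Assumed pattern: the product name followed (within a few characters)
# by a dotted version such as "7.0" or "6.1.5". Hypothetical, not documented.
VERSION_RE = re.compile(r"WebAccess[^0-9]{0,20}(\d+(?:\.\d+)+)", re.IGNORECASE)


def fetch_root(host: str, timeout: float = 5.0) -> str:
    """GET /broadWeb/bwRoot.asp (the request the QID sends) and return the body."""
    url = f"http://{host}/broadWeb/bwRoot.asp"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def parse_version(body: str) -> Optional[Tuple[int, ...]]:
    """Extract the version as a tuple of ints, or None if none is found."""
    match = VERSION_RE.search(body)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: Tuple[int, ...], max_affected: Tuple[int, ...] = AFFECTED_MAX) -> bool:
    """True when version <= max_affected, padding with zeros so (7,0) == (7,0,0)."""
    width = max(len(version), len(max_affected))
    padded_v = version + (0,) * (width - len(version))
    padded_m = max_affected + (0,) * (width - len(max_affected))
    return padded_v <= padded_m


def check_body(body: str) -> Tuple[str, Optional[Tuple[int, ...]]]:
    """Classify a response body as vulnerable / not_vulnerable / unknown."""
    version = parse_version(body)
    if version is None:
        return ("unknown", None)
    return ("vulnerable" if is_affected(version) else "not_vulnerable", version)


# Constructed sample responses (not captured from a real system).
SAMPLE_OLD = "<html><title>BroadWin WebAccess 7.0</title></html>"
SAMPLE_OLDER = "<div>Advantech WebAccess Version 6.1.5</div>"
SAMPLE_NEW = "<div>WebAccess Version 7.10 build 2</div>"
SAMPLE_NONE = "<html><body>Login</body></html>"

if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_OLDER, SAMPLE_NEW, SAMPLE_NONE):
        print(check_body(sample))
```

Point `fetch_root()` at a host you are authorised to inventory and pass its result to `check_body()`; an "unknown" result means the assumed pattern did not match and the markup should be inspected before trusting the verdict.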

Successful exploitation of the vulnerabilities will lead to:
1) Cross-site scripting (XSS)
2) SQL injection
3) Cross-site request forgery (CSRF)
4) Authentication issues

Customers are advised to upgrade to the latest version of the software. Refer to the following link for further details: Advantech WebAccess

Following are links for downloading patches to fix the vulnerabilities:

Advantech/BroadWin WebAccess