ID CVE-2017-12702
Summary An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:advantech:webaccess:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.06.05:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.06.05:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.06.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.06.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.06.18:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.06.18:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.06.25:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.06.25:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.07.09:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.07.09:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.07.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.07.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.07.24:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.07.24:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.07.27:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.07.27:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.08.01:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.08.01:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.08.09:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.08.09:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.09.05:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.09.05:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.09.06:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.09.06:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.09.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.09.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.09.16:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.09.16:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.09.26:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.09.26:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.10.05:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.10.05:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.10.16:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.10.16:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.10.18:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.10.18:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.10.30:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.10.30:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.11.05:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.11.05:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.11.08:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.11.08:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.11.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.11.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.11.27:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.11.27:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.11.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.11.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.12.06:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.12.06:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2007.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2007.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.01.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.01.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.01.17:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.01.17:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.01.21:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.01.21:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.02.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.02.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.03.04:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.03.04:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.03.05:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.03.05:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.03.06:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.03.06:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.04.08:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.04.08:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.04.28:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.04.28:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.04.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.04.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.05.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.05.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.05.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.05.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.05.15:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.05.15:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.05.21:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.05.21:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.05.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.05.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.06.03:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.06.03:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.06.06:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.06.06:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.06.23:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.06.23:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.06.25:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.06.25:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.07.01:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.07.01:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.07.18:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.07.18:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.07.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.07.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.08.03:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.08.03:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.08.26:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.08.26:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.09.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.09.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.09.23:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.09.23:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.09.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.09.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.09.30:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.09.30:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.11.03:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.11.03:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.11.06:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.11.06:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.11.07:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.11.07:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.11.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.11.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.11.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.11.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2008.12.30:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2008.12.30:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.1.06:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.1.06:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.1.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.3.24:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.3.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.4.01:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.04.02:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.04.02:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.04.09:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.04.09:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.04.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.04.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.04.27:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.04.27:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.05.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.05.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.05.27:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.05.27:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.06.03:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.06.03:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.06.08:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.06.08:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:6.0-2009.06.09:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:6.0-2009.06.09:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7-2009.10.13:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7-2009.10.13:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2009.06.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2009.06.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2009.07.21:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2009.07.21:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2009.08.03:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2009.08.03:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2009.08.13:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2009.08.13:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2009.08.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2009.08.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2009.11.16:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2009.11.16:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.02.24:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.02.24:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.05.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.05.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.06.08:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.06.08:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.07.02:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.07.02:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.07.16:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.07.16:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.08.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.08.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.08.17:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.08.17:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.09.02:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.09.02:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.09.30:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.09.30:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2010.11.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2010.11.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2011.01.11:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2011.01.11:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2011.01.26:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2011.01.26:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2011.05.23:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2011.05.23:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2011.08.27:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2011.08.27:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2011.12.20:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2011.12.20:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.03.02:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.03.02:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.03.08:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.03.08:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.03.18:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.03.18:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.03.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.03.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.05.21:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.05.21:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.06.02:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.06.02:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.06.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.06.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.09.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.09.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.09.13:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.09.13:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.10.31:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.10.31:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.11.29:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.11.29:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.12.05:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.12.05:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2012.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2012.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2013.01.02:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2013.01.02:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2013.01.08:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2013.01.08:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2013.01.17:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2013.01.17:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.0-2013.01.21:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.0-2013.01.21:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.1-2013.04.01:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.1-2013.04.01:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.07.01:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.07.01:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.07.26:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.07.26:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.08.05:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.08.05:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.08.18:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.08.18:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.08.25:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.08.25:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.09.12:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.09.12:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.09.24:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.09.24:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.09.27:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.09.27:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.10.02:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.10.02:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.10.17:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.10.17:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.10.22:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.10.22:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.10.24:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.10.24:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.10.28:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.10.28:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.10.30:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.10.30:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.11.01:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.11.01:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.11.14:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.11.14:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2013.12.15:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2013.12.15:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2014.01.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2014.01.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2014.01.20:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2014.01.20:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2014.01.24:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2014.01.24:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2-2014.02.10:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2-2014.02.10:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2_20140303:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2_20140303:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2_20140606:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2_20140606:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:7.2_20140730:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:7.2_20140730:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.0-2014.10.31:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.0-2014.10.31:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.0_20150412:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.0_20150412:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.0_20150816:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.0_20150816:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.1_20151230:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.1_20151230:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.1_20160519:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.1_20160519:*:*:*:*:*:*:*
  • cpe:2.3:a:advantech:webaccess:8.2:*:*:*:*:*:*:*
    cpe:2.3:a:advantech:webaccess:8.2:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 09-10-2019 - 23:23)
Impact:
Exploitability:
CWE CWE-134
CAPEC
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
  • Format String Injection
    An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 100526
misc https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02
Last major update 09-10-2019 - 23:23
Published 30-08-2017 - 18:29
Last modified 09-10-2019 - 23:23
Back to Top