CVE-2018-18999 - WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper vali

CVE-2018-18999

Summary

WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack.

References

http://www.securityfocus.com/bid/106245
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02
https://www.tenable.com/security/research/tra-2018-45

Vulnerable Configurations

cpe:2.3:a:advantech:webaccess\/scada:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:advantech:webaccess\/scada:8.3.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-09-2020 - 16:53)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	106245
misc	https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02 https://www.tenable.com/security/research/tra-2018-45

Last major update

18-09-2020 - 16:53

Published

19-12-2018 - 18:29

Last modified

18-09-2020 - 16:53