ID

VAR-201601-0025


CVE

CVE-2016-0860


TITLE

Advantech WebAccess of BwpAlarm Subsystem buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-001290

DESCRIPTION

Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x11173 IOCTL in the BwpAlarm subsystem. A globals overflow vulnerability exists in a call to strcpy using the ProjectName parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management. Advantech WebAccess is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech.

Trust: 3.96

sources: NVD: CVE-2016-0860 // JVNDB: JVNDB-2016-001290 // ZDI: ZDI-16-074 // ZDI: ZDI-16-058 // CNVD: CNVD-2016-00389 // BID: 80745 // IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88370

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00389

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: -, version: -

Trust: 1.4

vendor: advantech, model: webaccess, scope: lt, version: 8.1

Trust: 1.4

vendor: advantech, model: webaccess, scope: lte, version: 8.0

Trust: 1.0

vendor: advantech, model: webaccess, scope: eq, version: 8.0

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 8

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 7.2

Trust: 0.3

vendor: advantech, model: webaccess, scope: ne, version: 8.1

Trust: 0.3

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-074 // ZDI: ZDI-16-058 // CNVD: CNVD-2016-00389 // BID: 80745 // JVNDB: JVNDB-2016-001290 // CNNVD: CNNVD-201601-333 // NVD: CVE-2016-0860

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2016-0860
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2016-0860
value: HIGH

Trust: 1.0

NVD: CVE-2016-0860
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-00389
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201601-333
value: CRITICAL

Trust: 0.6

IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-88370
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0860
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-0860
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.4

CNVD: CNVD-2016-00389
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-88370
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0860
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-074 // ZDI: ZDI-16-058 // CNVD: CNVD-2016-00389 // VULHUB: VHN-88370 // JVNDB: JVNDB-2016-001290 // CNNVD: CNNVD-201601-333 // NVD: CVE-2016-0860

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-88370 // JVNDB: JVNDB-2016-001290 // NVD: CVE-2016-0860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-333

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201601-333

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001290

PATCH

title: Advantech has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

Trust: 1.4

title: Advantech WebAccess
url: http://www.advantech.com/industrial-automation/webaccess

Trust: 0.8

title: Patch for Advantech WebAccess Buffer Overflow Vulnerability (CNVD-2016-00389)
url: https://www.cnvd.org.cn/patchInfo/show/70313

Trust: 0.6

title: Advantech WebAccess BwpAlarm Subsystem buffer overflow vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59651

Trust: 0.6

sources: ZDI: ZDI-16-074 // ZDI: ZDI-16-058 // CNVD: CNVD-2016-00389 // JVNDB: JVNDB-2016-001290 // CNNVD: CNNVD-201601-333

EXTERNAL IDS

db: NVD, id: CVE-2016-0860

Trust: 5.0

db: ICS CERT, id: ICSA-16-014-01

Trust: 2.8

db: ZDI, id: ZDI-16-074

Trust: 1.8

db: ZDI, id: ZDI-16-058

Trust: 1.8

db: CNNVD, id: CNNVD-201601-333

Trust: 0.9

db: CNVD, id: CNVD-2016-00389

Trust: 0.8

db: JVNDB, id: JVNDB-2016-001290

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3227

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3243

Trust: 0.7

db: BID, id: 80745

Trust: 0.3

db: IVD, id: 64D0EC90-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-88370

Trust: 0.1

sources: IVD: 64d0ec90-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-074 // ZDI: ZDI-16-058 // CNVD: CNVD-2016-00389 // VULHUB: VHN-88370 // BID: 80745 // JVNDB: JVNDB-2016-001290 // CNNVD: CNNVD-201601-333 // NVD: CVE-2016-0860

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-16-014-01

Trust: 4.2

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0860

Trust: 1.4

url: http://www.zerodayinitiative.com/advisories/zdi-16-058

Trust: 1.1

url: http://www.zerodayinitiative.com/advisories/zdi-16-074

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0860

Trust: 0.8

url: http://webaccess.advantech.com

Trust: 0.3

sources: ZDI: ZDI-16-074 // ZDI: ZDI-16-058 // CNVD: CNVD-2016-00389 // VULHUB: VHN-88370 // BID: 80745 // JVNDB: JVNDB-2016-001290 // CNNVD: CNNVD-201601-333 // NVD: CVE-2016-0860

CREDITS

Anonymous

Trust: 1.4

sources: ZDI: ZDI-16-074 // ZDI: ZDI-16-058

SOURCES

db: IVD, id: 64d0ec90-2351-11e6-abef-000c29c66e3d
db: ZDI, id: ZDI-16-074
db: ZDI, id: ZDI-16-058
db: CNVD, id: CNVD-2016-00389
db: VULHUB, id: VHN-88370
db: BID, id: 80745
db: JVNDB, id: JVNDB-2016-001290
db: CNNVD, id: CNNVD-201601-333
db: NVD, id: CVE-2016-0860

LAST UPDATE DATE

2024-08-14T13:33:09.085000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-16-074, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-058, date: 2016-02-05T00:00:00
db: CNVD, id: CNVD-2016-00389, date: 2016-01-21T00:00:00
db: VULHUB, id: VHN-88370, date: 2016-12-06T00:00:00
db: BID, id: 80745, date: 2016-01-14T00:00:00
db: JVNDB, id: JVNDB-2016-001290, date: 2016-01-26T00:00:00
db: CNNVD, id: CNNVD-201601-333, date: 2016-01-18T00:00:00
db: NVD, id: CVE-2016-0860, date: 2016-12-06T03:05:52.597

SOURCES RELEASE DATE

db: IVD, id: 64d0ec90-2351-11e6-abef-000c29c66e3d, date: 2016-01-21T00:00:00
db: ZDI, id: ZDI-16-074, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-058, date: 2016-02-05T00:00:00
db: CNVD, id: CNVD-2016-00389, date: 2016-01-21T00:00:00
db: VULHUB, id: VHN-88370, date: 2016-01-15T00:00:00
db: BID, id: 80745, date: 2016-01-14T00:00:00
db: JVNDB, id: JVNDB-2016-001290, date: 2016-01-26T00:00:00
db: CNNVD, id: CNNVD-201601-333, date: 2016-01-18T00:00:00
db: NVD, id: CVE-2016-0860, date: 2016-01-15T03:59:21.890