Details of VAR-201601-0033

ID

VAR-201601-0033

CVE

CVE-2016-0851

TITLE

Advantech WebAccess Denial of service vulnerability

Trust: 0.8

sources: IVD: 64d581ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00428

DESCRIPTION

Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service (out-of-bounds memory access) via unspecified vectors. Advantech WebAccess There is a service disruption ( Access outside the memory area ) There are vulnerabilities that are put into a state.Service disruption by a third party ( Access outside the memory area ) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable instances of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x13881 IOCTL in the BwOpcTool subsystem. An uncontrolled format string vulnerability exists in a call to sprintf. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech

Trust: 3.33

sources: NVD: CVE-2016-0851 // JVNDB: JVNDB-2016-001072 // ZDI: ZDI-16-052 // CNVD: CNVD-2016-00428 // BID: 80745 // IVD: 64d581ec-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88361

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64d581ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00428

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lt	version:	8.1	Trust: 1.4
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.0	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.1	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 64d581ec-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-052 // CNVD: CNVD-2016-00428 // BID: 80745 // JVNDB: JVNDB-2016-001072 // CNNVD: CNNVD-201601-324 // NVD: CVE-2016-0851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0851
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-0851
value:	HIGH
Trust: 0.8
ZDI:	CVE-2016-0851
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2016-00428
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201601-324
value:	HIGH
Trust: 0.6
IVD:	64d581ec-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-88361
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-0851
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2016-0851
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2016-00428
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64d581ec-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-88361
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0851
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: IVD: 64d581ec-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-052 // CNVD: CNVD-2016-00428 // VULHUB: VHN-88361 // JVNDB: JVNDB-2016-001072 // CNNVD: CNNVD-201601-324 // NVD: CVE-2016-0851

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-88361 // JVNDB: JVNDB-2016-001072 // NVD: CVE-2016-0851

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-324

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 64d581ec-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201601-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001072

PATCH

title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01	Trust: 0.7
title:	Advantech WebAccess denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/70373	Trust: 0.6
title:	Advantech WebAccess Buffer Overflow Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59642	Trust: 0.6

sources: ZDI: ZDI-16-052 // CNVD: CNVD-2016-00428 // JVNDB: JVNDB-2016-001072 // CNNVD: CNNVD-201601-324

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0851	Trust: 4.3
db:	ICS CERT	id:	ICSA-16-014-01	Trust: 2.8
db:	CNNVD	id:	CNNVD-201601-324	Trust: 0.9
db:	CNVD	id:	CNVD-2016-00428	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001072	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3173	Trust: 0.7
db:	ZDI	id:	ZDI-16-052	Trust: 0.7
db:	BID	id:	80745	Trust: 0.3
db:	IVD	id:	64D581EC-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-88361	Trust: 0.1

sources: IVD: 64d581ec-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-052 // CNVD: CNVD-2016-00428 // VULHUB: VHN-88361 // BID: 80745 // JVNDB: JVNDB-2016-001072 // CNNVD: CNNVD-201601-324 // NVD: CVE-2016-0851

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-014-01	Trust: 3.5
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0851	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0851	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0851	Trust: 0.6
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-16-052 // CNVD: CNVD-2016-00428 // VULHUB: VHN-88361 // BID: 80745 // JVNDB: JVNDB-2016-001072 // CNNVD: CNNVD-201601-324 // NVD: CVE-2016-0851

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-16-052

SOURCES

db:	IVD	id:	64d581ec-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-052
db:	CNVD	id:	CNVD-2016-00428
db:	VULHUB	id:	VHN-88361
db:	BID	id:	80745
db:	JVNDB	id:	JVNDB-2016-001072
db:	CNNVD	id:	CNNVD-201601-324
db:	NVD	id:	CVE-2016-0851

LAST UPDATE DATE

2024-08-14T13:33:08.698000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-052	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00428	date:	2016-01-25T00:00:00
db:	VULHUB	id:	VHN-88361	date:	2016-01-20T00:00:00
db:	BID	id:	80745	date:	2016-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-001072	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-324	date:	2016-01-25T00:00:00
db:	NVD	id:	CVE-2016-0851	date:	2016-01-20T19:55:10.737

SOURCES RELEASE DATE

db:	IVD	id:	64d581ec-2351-11e6-abef-000c29c66e3d	date:	2016-01-25T00:00:00
db:	ZDI	id:	ZDI-16-052	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00428	date:	2016-01-25T00:00:00
db:	VULHUB	id:	VHN-88361	date:	2016-01-15T00:00:00
db:	BID	id:	80745	date:	2016-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-001072	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-324	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-0851	date:	2016-01-15T03:59:13.437