Sign-up

ID

VAR-201601-0034


CVE

CVE-2016-0852


TITLE

Advantech WebAccess Security Restriction Bypass Vulnerability

Trust: 0.8

sources: IVD: 64d671ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00430

DESCRIPTION

Advantech WebAccess before 8.1 allows remote attackers to bypass an intended administrative requirement and obtain file or folder access via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech

Trust: 2.7

sources: NVD: CVE-2016-0852 // JVNDB: JVNDB-2016-001282 // CNVD: CNVD-2016-00430 // BID: 80745 // IVD: 64d671ec-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88362

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 64d671ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00430

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:ltversion:8.1

Trust: 1.4

vendor:advantechmodel:webaccessscope:lteversion:8.0

Trust: 1.0

vendor:advantechmodel:webaccessscope:eqversion:8.0

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 64d671ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00430 // BID: 80745 // JVNDB: JVNDB-2016-001282 // CNNVD: CNNVD-201601-325 // NVD: CVE-2016-0852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0852
value: HIGH

Trust: 1.0

NVD: CVE-2016-0852
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00430
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-325
value: MEDIUM

Trust: 0.6

IVD: 64d671ec-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-88362
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-0852
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00430
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 64d671ec-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-88362
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0852
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: IVD: 64d671ec-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00430 // VULHUB: VHN-88362 // JVNDB: JVNDB-2016-001282 // CNNVD: CNNVD-201601-325 // NVD: CVE-2016-0852

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-88362 // JVNDB: JVNDB-2016-001282 // NVD: CVE-2016-0852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-325

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201601-325

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001282

PATCH
title:Advantech WebAccessurl:http://www.advantech.com/industrial-automation/webaccess
Trust: 0.8
title:Advantech WebAccess security restrictions bypass the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/70375
Trust: 0.6
title:Advantech WebAccess Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59643
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-00430 // 
            
            
            
            JVNDB: JVNDB-2016-001282 // 
            
            
            
            CNNVD: CNNVD-201601-325

EXTERNAL IDS
db:NVDid:CVE-2016-0852
Trust: 3.6
db:ICS CERTid:ICSA-16-014-01
Trust: 2.8
db:CNNVDid:CNNVD-201601-325
Trust: 0.9
db:CNVDid:CNVD-2016-00430
Trust: 0.8
db:JVNDBid:JVNDB-2016-001282
Trust: 0.8
db:BIDid:80745
Trust: 0.3
db:IVDid:64D671EC-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-88362
Trust: 0.1
sources:
            
            
            IVD: 64d671ec-2351-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2016-00430 // 
            
            
            
            VULHUB: VHN-88362 // 
            
            
            
            BID: 80745 // 
            
            
            
            JVNDB: JVNDB-2016-001282 // 
            
            
            
            CNNVD: CNNVD-201601-325 // 
            
            
            
            NVD: CVE-2016-0852

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-014-01
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0852
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0852
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0852
Trust: 0.6
url:http://webaccess.advantech.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-00430 // 
            
            
            
            VULHUB: VHN-88362 // 
            
            
            
            BID: 80745 // 
            
            
            
            JVNDB: JVNDB-2016-001282 // 
            
            
            
            CNNVD: CNNVD-201601-325 // 
            
            
            
            NVD: CVE-2016-0852

CREDITS
Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher
Trust: 0.3
sources:
            
            
            BID: 80745

SOURCES
db:IVDid:64d671ec-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-00430
db:VULHUBid:VHN-88362
db:BIDid:80745
db:JVNDBid:JVNDB-2016-001282
db:CNNVDid:CNNVD-201601-325
db:NVDid:CVE-2016-0852

LAST UPDATE DATE
2024-08-14T13:33:08.874000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-00430date:2016-01-25T00:00:00
db:VULHUBid:VHN-88362date:2016-01-21T00:00:00
db:BIDid:80745date:2016-01-14T00:00:00
db:JVNDBid:JVNDB-2016-001282date:2016-01-26T00:00:00
db:CNNVDid:CNNVD-201601-325date:2016-01-18T00:00:00
db:NVDid:CVE-2016-0852date:2016-01-21T16:14:20.847

SOURCES RELEASE DATE
db:IVDid:64d671ec-2351-11e6-abef-000c29c66e3ddate:2016-01-25T00:00:00
db:CNVDid:CNVD-2016-00430date:2016-01-25T00:00:00
db:VULHUBid:VHN-88362date:2016-01-15T00:00:00
db:BIDid:80745date:2016-01-14T00:00:00
db:JVNDBid:JVNDB-2016-001282date:2016-01-26T00:00:00
db:CNNVDid:CNNVD-201601-325date:2016-01-18T00:00:00
db:NVDid:CVE-2016-0852date:2016-01-15T03:59:14.483