ID

VAR-201601-0037


CVE

CVE-2016-0855


TITLE

Advantech WebAccess Directory Traversal Vulnerability

Trust: 1.4

sources: IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00431 // CNNVD: CNNVD-201601-328

DESCRIPTION

Directory traversal vulnerability in Advantech WebAccess before 8.1 allows remote attackers to list arbitrary virtual-directory files via unspecified vectors. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the removeFile script allows unauthenticated callers to remove key system files, blocking WebAccess for all users.

WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems.

Advantech WebAccess is prone to the following security vulnerabilities:

1. A denial-of-service vulnerability
2. An arbitrary file-upload vulnerability
3. A directory-traversal vulnerability
4. Multiple stack-based buffer-overflow vulnerabilities
5. A heap-based buffer overflow vulnerability
6. Multiple buffer-overflow vulnerabilities
7. Multiple information disclosure vulnerabilities
8. A cross-site scripting vulnerability
9. An SQL-injection vulnerability
10. A remote-code execution vulnerability

An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech.

Trust: 5.85

sources: NVD: CVE-2016-0855 // JVNDB: JVNDB-2016-001285 // ZDI: ZDI-16-125 // ZDI: ZDI-16-122 // ZDI: ZDI-16-126 // ZDI: ZDI-16-124 // ZDI: ZDI-16-123 // CNVD: CNVD-2016-00431 // BID: 80745 // IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88365

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00431

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: -, version: -

Trust: 3.5

vendor: advantech, model: webaccess, scope: lt, version: 8.1

Trust: 1.4

vendor: advantech, model: webaccess, scope: lte, version: 8.0

Trust: 1.0

vendor: advantech, model: webaccess, scope: eq, version: 8.0

Trust: 0.6

vendor: advantech, model: webaccess, scope: eq, version: 8

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 7.2

Trust: 0.3

vendor: advantech, model: webaccess, scope: ne, version: 8.1

Trust: 0.3

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-125 // ZDI: ZDI-16-122 // ZDI: ZDI-16-126 // ZDI: ZDI-16-124 // ZDI: ZDI-16-123 // CNVD: CNVD-2016-00431 // BID: 80745 // JVNDB: JVNDB-2016-001285 // CNNVD: CNNVD-201601-328 // NVD: CVE-2016-0855

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2016-0855
value: HIGH

Trust: 3.5

nvd@nist.gov: CVE-2016-0855
value: HIGH

Trust: 1.0

NVD: CVE-2016-0855
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00431
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-328
value: MEDIUM

Trust: 0.6

IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-88365
value: MEDIUM

Trust: 0.1

ZDI: CVE-2016-0855
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.8

nvd@nist.gov: CVE-2016-0855
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-0855
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-00431
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-88365
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0855
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-125 // ZDI: ZDI-16-122 // ZDI: ZDI-16-126 // ZDI: ZDI-16-124 // ZDI: ZDI-16-123 // CNVD: CNVD-2016-00431 // VULHUB: VHN-88365 // JVNDB: JVNDB-2016-001285 // CNNVD: CNNVD-201601-328 // NVD: CVE-2016-0855

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-88365 // JVNDB: JVNDB-2016-001285 // NVD: CVE-2016-0855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-328

TYPE

Path traversal

Trust: 0.8

sources: IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201601-328

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001285

PATCH

title: Advantech has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

Trust: 3.5

title: Advantech WebAccess
url: http://www.advantech.com/industrial-automation/webaccess

Trust: 0.8

title: Advantech WebAccess Directory Traversal Vulnerability Patch
url: https://www.cnvd.org.cn/patchInfo/show/70377

Trust: 0.6

title: Advantech WebAccess Fixes for directory traversal vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59646

Trust: 0.6

sources: ZDI: ZDI-16-125 // ZDI: ZDI-16-122 // ZDI: ZDI-16-126 // ZDI: ZDI-16-124 // ZDI: ZDI-16-123 // CNVD: CNVD-2016-00431 // JVNDB: JVNDB-2016-001285 // CNNVD: CNNVD-201601-328

EXTERNAL IDS

db: NVD, id: CVE-2016-0855

Trust: 7.1

db: ICS CERT, id: ICSA-16-014-01

Trust: 2.8

db: ZDI, id: ZDI-16-125

Trust: 1.8

db: ZDI, id: ZDI-16-122

Trust: 1.8

db: ZDI, id: ZDI-16-126

Trust: 1.8

db: ZDI, id: ZDI-16-124

Trust: 1.8

db: ZDI, id: ZDI-16-123

Trust: 1.8

db: CNNVD, id: CNNVD-201601-328

Trust: 0.9

db: CNVD, id: CNVD-2016-00431

Trust: 0.8

db: JVNDB, id: JVNDB-2016-001285

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-3129

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3132

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3133

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3130

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-3131

Trust: 0.7

db: BID, id: 80745

Trust: 0.3

db: IVD, id: 64DACB3E-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-88365

Trust: 0.1

sources: IVD: 64dacb3e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-125 // ZDI: ZDI-16-122 // ZDI: ZDI-16-126 // ZDI: ZDI-16-124 // ZDI: ZDI-16-123 // CNVD: CNVD-2016-00431 // VULHUB: VHN-88365 // BID: 80745 // JVNDB: JVNDB-2016-001285 // CNNVD: CNNVD-201601-328 // NVD: CVE-2016-0855

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-014-01

Trust: 6.3

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0855

Trust: 1.4

url:http://www.zerodayinitiative.com/advisories/zdi-16-122

Trust: 1.1

url:http://www.zerodayinitiative.com/advisories/zdi-16-123

Trust: 1.1

url:http://www.zerodayinitiative.com/advisories/zdi-16-124

Trust: 1.1

url:http://www.zerodayinitiative.com/advisories/zdi-16-125

Trust: 1.1

url:http://www.zerodayinitiative.com/advisories/zdi-16-126

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0855

Trust: 0.8

url:http://webaccess.advantech.com

Trust: 0.3

sources: ZDI: ZDI-16-125 // ZDI: ZDI-16-122 // ZDI: ZDI-16-126 // ZDI: ZDI-16-124 // ZDI: ZDI-16-123 // CNVD: CNVD-2016-00431 // VULHUB: VHN-88365 // BID: 80745 // JVNDB: JVNDB-2016-001285 // CNNVD: CNNVD-201601-328 // NVD: CVE-2016-0855

CREDITS

rgod

Trust: 2.8

sources: ZDI: ZDI-16-125 // ZDI: ZDI-16-122 // ZDI: ZDI-16-124 // ZDI: ZDI-16-123

SOURCES

db: IVD, id: 64dacb3e-2351-11e6-abef-000c29c66e3d
db: ZDI, id: ZDI-16-125
db: ZDI, id: ZDI-16-122
db: ZDI, id: ZDI-16-126
db: ZDI, id: ZDI-16-124
db: ZDI, id: ZDI-16-123
db: CNVD, id: CNVD-2016-00431
db: VULHUB, id: VHN-88365
db: BID, id: 80745
db: JVNDB, id: JVNDB-2016-001285
db: CNNVD, id: CNNVD-201601-328
db: NVD, id: CVE-2016-0855

LAST UPDATE DATE

2024-08-14T13:33:09.370000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-16-125, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-122, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-126, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-124, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-123, date: 2016-02-05T00:00:00
db: CNVD, id: CNVD-2016-00431, date: 2016-01-25T00:00:00
db: VULHUB, id: VHN-88365, date: 2016-12-03T00:00:00
db: BID, id: 80745, date: 2016-01-14T00:00:00
db: JVNDB, id: JVNDB-2016-001285, date: 2016-01-26T00:00:00
db: CNNVD, id: CNNVD-201601-328, date: 2016-01-18T00:00:00
db: NVD, id: CVE-2016-0855, date: 2016-12-03T03:18:16.853

SOURCES RELEASE DATE

db: IVD, id: 64dacb3e-2351-11e6-abef-000c29c66e3d, date: 2016-01-25T00:00:00
db: ZDI, id: ZDI-16-125, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-122, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-126, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-124, date: 2016-02-05T00:00:00
db: ZDI, id: ZDI-16-123, date: 2016-02-05T00:00:00
db: CNVD, id: CNVD-2016-00431, date: 2016-01-25T00:00:00
db: VULHUB, id: VHN-88365, date: 2016-01-15T00:00:00
db: BID, id: 80745, date: 2016-01-14T00:00:00
db: JVNDB, id: JVNDB-2016-001285, date: 2016-01-26T00:00:00
db: CNNVD, id: CNNVD-201601-328, date: 2016-01-18T00:00:00
db: NVD, id: CVE-2016-0855, date: 2016-01-15T03:59:17.357