Details of VAR-201601-0038

ID

VAR-201601-0038

CVE

CVE-2016-0856

TITLE

Advantech WebAccess datacore Service datacore.exe Username strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-16-112 // ZDI: ZDI-16-108

DESCRIPTION

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27B0 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to BwBuildPath. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems

Trust: 11.07

sources: NVD: CVE-2016-0856 // ZDI: ZDI-16-090 // ZDI: ZDI-16-082 // ZDI: ZDI-16-080 // ZDI: ZDI-16-108 // ZDI: ZDI-16-115 // ZDI: ZDI-16-095 // ZDI: ZDI-16-118 // ZDI: ZDI-16-092 // ZDI: ZDI-16-063 // ZDI: ZDI-16-070 // ZDI: ZDI-16-060 // ZDI: ZDI-16-112 // ZDI: ZDI-16-051 // ZDI: ZDI-16-094 // ZDI: ZDI-16-062 // CNVD: CNVD-2016-00434 // IVD: 64dba96e-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00434

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 10.5
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.0	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-060 // ZDI: ZDI-16-070 // ZDI: ZDI-16-063 // ZDI: ZDI-16-092 // ZDI: ZDI-16-118 // ZDI: ZDI-16-095 // ZDI: ZDI-16-115 // ZDI: ZDI-16-108 // ZDI: ZDI-16-080 // ZDI: ZDI-16-082 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329 // NVD: CVE-2016-0856

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-0856
value:	HIGH
Trust: 10.5
nvd@nist.gov:	CVE-2016-0856
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2016-00434
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-329
value:	CRITICAL
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

ZDI:	CVE-2016-0856
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 10.5
nvd@nist.gov:	CVE-2016-0856
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2016-00434
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-0856
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2016-0856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01	Trust: 10.5
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)	url:	https://www.cnvd.org.cn/patchInfo/show/70378	Trust: 0.6
title:	Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647	Trust: 0.6

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-060 // ZDI: ZDI-16-070 // ZDI: ZDI-16-063 // ZDI: ZDI-16-092 // ZDI: ZDI-16-118 // ZDI: ZDI-16-095 // ZDI: ZDI-16-115 // ZDI: ZDI-16-108 // ZDI: ZDI-16-080 // ZDI: ZDI-16-082 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0856	Trust: 12.9
db:	ZDI	id:	ZDI-16-112	Trust: 1.7
db:	ZDI	id:	ZDI-16-118	Trust: 1.7
db:	ZDI	id:	ZDI-16-115	Trust: 1.7
db:	ZDI	id:	ZDI-16-108	Trust: 1.7
db:	ZDI	id:	ZDI-16-113	Trust: 1.0
db:	ZDI	id:	ZDI-16-102	Trust: 1.0
db:	ZDI	id:	ZDI-16-110	Trust: 1.0
db:	ZDI	id:	ZDI-16-114	Trust: 1.0
db:	ZDI	id:	ZDI-16-100	Trust: 1.0
db:	ZDI	id:	ZDI-16-111	Trust: 1.0
db:	ZDI	id:	ZDI-16-109	Trust: 1.0
db:	ZDI	id:	ZDI-16-117	Trust: 1.0
db:	ZDI	id:	ZDI-16-106	Trust: 1.0
db:	ZDI	id:	ZDI-16-120	Trust: 1.0
db:	ZDI	id:	ZDI-16-101	Trust: 1.0
db:	ZDI	id:	ZDI-16-116	Trust: 1.0
db:	ZDI	id:	ZDI-16-103	Trust: 1.0
db:	ICS CERT	id:	ICSA-16-014-01	Trust: 1.0
db:	CNVD	id:	CNVD-2016-00434	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-329	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3211	Trust: 0.7
db:	ZDI	id:	ZDI-16-090	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3239	Trust: 0.7
db:	ZDI	id:	ZDI-16-062	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3207	Trust: 0.7
db:	ZDI	id:	ZDI-16-094	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3175	Trust: 0.7
db:	ZDI	id:	ZDI-16-051	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3189	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3241	Trust: 0.7
db:	ZDI	id:	ZDI-16-060	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3231	Trust: 0.7
db:	ZDI	id:	ZDI-16-070	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3238	Trust: 0.7
db:	ZDI	id:	ZDI-16-063	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3209	Trust: 0.7
db:	ZDI	id:	ZDI-16-092	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3182	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3206	Trust: 0.7
db:	ZDI	id:	ZDI-16-095	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3185	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3193	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3221	Trust: 0.7
db:	ZDI	id:	ZDI-16-080	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3219	Trust: 0.7
db:	ZDI	id:	ZDI-16-082	Trust: 0.7
db:	CXSECURITY	id:	WLB-2018030263	Trust: 0.6
db:	IVD	id:	64DBA96E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-014-01	Trust: 11.5
url:	http://www.zerodayinitiative.com/advisories/zdi-16-120	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-103	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-112	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-109	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-113	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-101	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-114	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-117	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-118	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-102	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-100	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-110	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-111	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-115	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-116	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-108	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-106	Trust: 1.0
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2018030263	Trust: 0.6

CREDITS

Anonymous

Trust: 10.5

SOURCES

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-090
db:	ZDI	id:	ZDI-16-062
db:	ZDI	id:	ZDI-16-094
db:	ZDI	id:	ZDI-16-051
db:	ZDI	id:	ZDI-16-112
db:	ZDI	id:	ZDI-16-060
db:	ZDI	id:	ZDI-16-070
db:	ZDI	id:	ZDI-16-063
db:	ZDI	id:	ZDI-16-092
db:	ZDI	id:	ZDI-16-118
db:	ZDI	id:	ZDI-16-095
db:	ZDI	id:	ZDI-16-115
db:	ZDI	id:	ZDI-16-108
db:	ZDI	id:	ZDI-16-080
db:	ZDI	id:	ZDI-16-082
db:	CNVD	id:	CNVD-2016-00434
db:	CNNVD	id:	CNNVD-201601-329
db:	NVD	id:	CVE-2016-0856

LAST UPDATE DATE

2024-12-21T22:57:54.888000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-112	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-060	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-070	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-063	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-092	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-118	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-095	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-115	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-108	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-080	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-082	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2021-08-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2024-11-21T02:42:31.017

SOURCES RELEASE DATE

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d	date:	2016-01-25T00:00:00
db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-112	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-060	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-070	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-063	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-092	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-118	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-095	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-115	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-108	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-080	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-082	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2016-01-15T03:59:18.250