Details of VAR-201601-0038

ID

VAR-201601-0038

CVE

CVE-2016-0856

TITLE

Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 2.8

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-081 // ZDI: ZDI-16-089 // ZDI: ZDI-16-091

DESCRIPTION

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2731 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems

Trust: 11.07

sources: NVD: CVE-2016-0856 // ZDI: ZDI-16-090 // ZDI: ZDI-16-091 // ZDI: ZDI-16-089 // ZDI: ZDI-16-109 // ZDI: ZDI-16-059 // ZDI: ZDI-16-101 // ZDI: ZDI-16-081 // ZDI: ZDI-16-049 // ZDI: ZDI-16-099 // ZDI: ZDI-16-111 // ZDI: ZDI-16-069 // ZDI: ZDI-16-079 // ZDI: ZDI-16-051 // ZDI: ZDI-16-094 // ZDI: ZDI-16-062 // CNVD: CNVD-2016-00434 // IVD: 64dba96e-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00434

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 10.5
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.0	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-079 // ZDI: ZDI-16-069 // ZDI: ZDI-16-111 // ZDI: ZDI-16-099 // ZDI: ZDI-16-049 // ZDI: ZDI-16-081 // ZDI: ZDI-16-101 // ZDI: ZDI-16-059 // ZDI: ZDI-16-109 // ZDI: ZDI-16-089 // ZDI: ZDI-16-091 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329 // NVD: CVE-2016-0856

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-0856
value:	HIGH
Trust: 10.5
nvd@nist.gov:	CVE-2016-0856
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2016-00434
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-329
value:	CRITICAL
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

ZDI:	CVE-2016-0856
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 10.5
nvd@nist.gov:	CVE-2016-0856
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2016-00434
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64dba96e-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2016-0856
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.0

sources: NVD: CVE-2016-0856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01	Trust: 10.5
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)	url:	https://www.cnvd.org.cn/patchInfo/show/70378	Trust: 0.6
title:	Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647	Trust: 0.6

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-079 // ZDI: ZDI-16-069 // ZDI: ZDI-16-111 // ZDI: ZDI-16-099 // ZDI: ZDI-16-049 // ZDI: ZDI-16-081 // ZDI: ZDI-16-101 // ZDI: ZDI-16-059 // ZDI: ZDI-16-109 // ZDI: ZDI-16-089 // ZDI: ZDI-16-091 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0856	Trust: 12.9
db:	ZDI	id:	ZDI-16-111	Trust: 1.7
db:	ZDI	id:	ZDI-16-101	Trust: 1.7
db:	ZDI	id:	ZDI-16-109	Trust: 1.7
db:	ZDI	id:	ZDI-16-108	Trust: 1.0
db:	ZDI	id:	ZDI-16-113	Trust: 1.0
db:	ZDI	id:	ZDI-16-112	Trust: 1.0
db:	ZDI	id:	ZDI-16-116	Trust: 1.0
db:	ZDI	id:	ZDI-16-100	Trust: 1.0
db:	ZDI	id:	ZDI-16-114	Trust: 1.0
db:	ZDI	id:	ZDI-16-117	Trust: 1.0
db:	ZDI	id:	ZDI-16-118	Trust: 1.0
db:	ZDI	id:	ZDI-16-103	Trust: 1.0
db:	ZDI	id:	ZDI-16-115	Trust: 1.0
db:	ZDI	id:	ZDI-16-106	Trust: 1.0
db:	ZDI	id:	ZDI-16-120	Trust: 1.0
db:	ZDI	id:	ZDI-16-110	Trust: 1.0
db:	ZDI	id:	ZDI-16-102	Trust: 1.0
db:	ICS CERT	id:	ICSA-16-014-01	Trust: 1.0
db:	CNVD	id:	CNVD-2016-00434	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-329	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3211	Trust: 0.7
db:	ZDI	id:	ZDI-16-090	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3239	Trust: 0.7
db:	ZDI	id:	ZDI-16-062	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3207	Trust: 0.7
db:	ZDI	id:	ZDI-16-094	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3175	Trust: 0.7
db:	ZDI	id:	ZDI-16-051	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3222	Trust: 0.7
db:	ZDI	id:	ZDI-16-079	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3232	Trust: 0.7
db:	ZDI	id:	ZDI-16-069	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3190	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3202	Trust: 0.7
db:	ZDI	id:	ZDI-16-099	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3150	Trust: 0.7
db:	ZDI	id:	ZDI-16-049	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3220	Trust: 0.7
db:	ZDI	id:	ZDI-16-081	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3200	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3242	Trust: 0.7
db:	ZDI	id:	ZDI-16-059	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3192	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3212	Trust: 0.7
db:	ZDI	id:	ZDI-16-089	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3210	Trust: 0.7
db:	ZDI	id:	ZDI-16-091	Trust: 0.7
db:	CXSECURITY	id:	WLB-2018030263	Trust: 0.6
db:	IVD	id:	64DBA96E-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-014-01	Trust: 11.5
url:	http://www.zerodayinitiative.com/advisories/zdi-16-114	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-118	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-112	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-108	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-101	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-116	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-113	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-106	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-120	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-100	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-110	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-109	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-111	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-103	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-115	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-117	Trust: 1.0
url:	http://www.zerodayinitiative.com/advisories/zdi-16-102	Trust: 1.0
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2018030263	Trust: 0.6

CREDITS

Anonymous

Trust: 10.5

SOURCES

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-090
db:	ZDI	id:	ZDI-16-062
db:	ZDI	id:	ZDI-16-094
db:	ZDI	id:	ZDI-16-051
db:	ZDI	id:	ZDI-16-079
db:	ZDI	id:	ZDI-16-069
db:	ZDI	id:	ZDI-16-111
db:	ZDI	id:	ZDI-16-099
db:	ZDI	id:	ZDI-16-049
db:	ZDI	id:	ZDI-16-081
db:	ZDI	id:	ZDI-16-101
db:	ZDI	id:	ZDI-16-059
db:	ZDI	id:	ZDI-16-109
db:	ZDI	id:	ZDI-16-089
db:	ZDI	id:	ZDI-16-091
db:	CNVD	id:	CNVD-2016-00434
db:	CNNVD	id:	CNNVD-201601-329
db:	NVD	id:	CVE-2016-0856

LAST UPDATE DATE

2025-04-26T22:31:53.507000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-079	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-069	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-111	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-099	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-049	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-081	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-101	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-059	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-109	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-089	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-091	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2021-08-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	64dba96e-2351-11e6-abef-000c29c66e3d	date:	2016-01-25T00:00:00
db:	ZDI	id:	ZDI-16-090	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-062	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-094	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-051	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-079	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-069	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-111	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-099	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-049	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-081	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-101	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-059	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-109	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-089	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-091	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00434	date:	2016-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201601-329	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-0856	date:	2016-01-15T03:59:18.250