Sign-up

ID

VAR-201601-0038


CVE

CVE-2016-0856


TITLE

Advantech WebAccess webvrpcs Service BwKrlApi.dll strcpy Stack-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-16-090 // ZDI: ZDI-16-086 // ZDI: ZDI-16-091

DESCRIPTION

Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2789 IOCTL in the ViewSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech

Trust: 11.16

sources: NVD: CVE-2016-0856 // ZDI: ZDI-16-090 // ZDI: ZDI-16-091 // ZDI: ZDI-16-076 // ZDI: ZDI-16-059 // ZDI: ZDI-16-093 // ZDI: ZDI-16-100 // ZDI: ZDI-16-111 // ZDI: ZDI-16-116 // ZDI: ZDI-16-061 // ZDI: ZDI-16-086 // ZDI: ZDI-16-056 // ZDI: ZDI-16-112 // ZDI: ZDI-16-051 // ZDI: ZDI-16-094 // ZDI: ZDI-16-062 // CNVD: CNVD-2016-00434 // IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88366

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00434

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope: - version: -

Trust: 10.5

vendor:advantechmodel:webaccessscope:lteversion:8.0

Trust: 1.0

vendor:advantechmodel:webaccessscope:ltversion:8.1

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.0

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-056 // ZDI: ZDI-16-086 // ZDI: ZDI-16-061 // ZDI: ZDI-16-116 // ZDI: ZDI-16-111 // ZDI: ZDI-16-100 // ZDI: ZDI-16-093 // ZDI: ZDI-16-059 // ZDI: ZDI-16-076 // ZDI: ZDI-16-091 // CNVD: CNVD-2016-00434 // CNNVD: CNNVD-201601-329 // NVD: CVE-2016-0856

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2016-0856
value: HIGH

Trust: 10.5

nvd@nist.gov: CVE-2016-0856
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2016-00434
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201601-329
value: CRITICAL

Trust: 0.6

IVD: 64dba96e-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-88366
value: HIGH

Trust: 0.1

ZDI: CVE-2016-0856
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 10.5

nvd@nist.gov: CVE-2016-0856
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2016-00434
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 64dba96e-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-88366
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0856
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-090 // ZDI: ZDI-16-062 // ZDI: ZDI-16-094 // ZDI: ZDI-16-051 // ZDI: ZDI-16-112 // ZDI: ZDI-16-056 // ZDI: ZDI-16-086 // ZDI: ZDI-16-061 // ZDI: ZDI-16-116 // ZDI: ZDI-16-111 // ZDI: ZDI-16-100 // ZDI: ZDI-16-093 // ZDI: ZDI-16-059 // ZDI: ZDI-16-076 // ZDI: ZDI-16-091 // CNVD: CNVD-2016-00434 // VULHUB: VHN-88366 // CNNVD: CNNVD-201601-329 // NVD: CVE-2016-0856

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-88366 // NVD: CVE-2016-0856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201601-329

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-88366

PATCH
title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
Trust: 10.5
title:Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2016-00434)url:https://www.cnvd.org.cn/patchInfo/show/70378
Trust: 0.6
title:Advantech WebAccess Fixes for stack-based buffer overflow vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59647
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-090 // 
            
            
            
            ZDI: ZDI-16-062 // 
            
            
            
            ZDI: ZDI-16-094 // 
            
            
            
            ZDI: ZDI-16-051 // 
            
            
            
            ZDI: ZDI-16-112 // 
            
            
            
            ZDI: ZDI-16-056 // 
            
            
            
            ZDI: ZDI-16-086 // 
            
            
            
            ZDI: ZDI-16-061 // 
            
            
            
            ZDI: ZDI-16-116 // 
            
            
            
            ZDI: ZDI-16-111 // 
            
            
            
            ZDI: ZDI-16-100 // 
            
            
            
            ZDI: ZDI-16-093 // 
            
            
            
            ZDI: ZDI-16-059 // 
            
            
            
            ZDI: ZDI-16-076 // 
            
            
            
            ZDI: ZDI-16-091 // 
            
            
            
            CNVD: CNVD-2016-00434 // 
            
            
            
            CNNVD: CNNVD-201601-329

EXTERNAL IDS
db:NVDid:CVE-2016-0856
Trust: 13.0
db:ZDIid:ZDI-16-112
Trust: 1.8
db:ZDIid:ZDI-16-116
Trust: 1.8
db:ZDIid:ZDI-16-111
Trust: 1.8
db:ZDIid:ZDI-16-100
Trust: 1.8
db:ZDIid:ZDI-16-110
Trust: 1.1
db:ZDIid:ZDI-16-115
Trust: 1.1
db:ZDIid:ZDI-16-113
Trust: 1.1
db:ZDIid:ZDI-16-106
Trust: 1.1
db:ZDIid:ZDI-16-118
Trust: 1.1
db:ZDIid:ZDI-16-120
Trust: 1.1
db:ZDIid:ZDI-16-103
Trust: 1.1
db:ZDIid:ZDI-16-114
Trust: 1.1
db:ZDIid:ZDI-16-101
Trust: 1.1
db:ZDIid:ZDI-16-117
Trust: 1.1
db:ZDIid:ZDI-16-102
Trust: 1.1
db:ZDIid:ZDI-16-108
Trust: 1.1
db:ZDIid:ZDI-16-109
Trust: 1.1
db:ICS CERTid:ICSA-16-014-01
Trust: 1.1
db:CNNVDid:CNNVD-201601-329
Trust: 0.9
db:CNVDid:CNVD-2016-00434
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3211
Trust: 0.7
db:ZDIid:ZDI-16-090
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3239
Trust: 0.7
db:ZDIid:ZDI-16-062
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3207
Trust: 0.7
db:ZDIid:ZDI-16-094
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3175
Trust: 0.7
db:ZDIid:ZDI-16-051
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3189
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3245
Trust: 0.7
db:ZDIid:ZDI-16-056
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3215
Trust: 0.7
db:ZDIid:ZDI-16-086
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3240
Trust: 0.7
db:ZDIid:ZDI-16-061
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3184
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3190
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3201
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3208
Trust: 0.7
db:ZDIid:ZDI-16-093
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3242
Trust: 0.7
db:ZDIid:ZDI-16-059
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3225
Trust: 0.7
db:ZDIid:ZDI-16-076
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-3210
Trust: 0.7
db:ZDIid:ZDI-16-091
Trust: 0.7
db:CXSECURITYid:WLB-2018030263
Trust: 0.6
db:IVDid:64DBA96E-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:PACKETSTORMid:146976
Trust: 0.1
db:VULHUBid:VHN-88366
Trust: 0.1
sources:
            
            
            IVD: 64dba96e-2351-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-16-090 // 
            
            
            
            ZDI: ZDI-16-062 // 
            
            
            
            ZDI: ZDI-16-094 // 
            
            
            
            ZDI: ZDI-16-051 // 
            
            
            
            ZDI: ZDI-16-112 // 
            
            
            
            ZDI: ZDI-16-056 // 
            
            
            
            ZDI: ZDI-16-086 // 
            
            
            
            ZDI: ZDI-16-061 // 
            
            
            
            ZDI: ZDI-16-116 // 
            
            
            
            ZDI: ZDI-16-111 // 
            
            
            
            ZDI: ZDI-16-100 // 
            
            
            
            ZDI: ZDI-16-093 // 
            
            
            
            ZDI: ZDI-16-059 // 
            
            
            
            ZDI: ZDI-16-076 // 
            
            
            
            ZDI: ZDI-16-091 // 
            
            
            
            CNVD: CNVD-2016-00434 // 
            
            
            
            VULHUB: VHN-88366 // 
            
            
            
            CNNVD: CNNVD-201601-329 // 
            
            
            
            NVD: CVE-2016-0856

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-014-01
Trust: 11.6
url:http://www.zerodayinitiative.com/advisories/zdi-16-100
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-101
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-102
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-103
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-106
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-108
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-109
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-110
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-111
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-112
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-113
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-114
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-115
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-116
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-117
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-118
Trust: 1.1
url:http://www.zerodayinitiative.com/advisories/zdi-16-120
Trust: 1.1
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0856
Trust: 0.6
url:https://cxsecurity.com/issue/wlb-2018030263
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-090 // 
            
            
            
            ZDI: ZDI-16-062 // 
            
            
            
            ZDI: ZDI-16-094 // 
            
            
            
            ZDI: ZDI-16-051 // 
            
            
            
            ZDI: ZDI-16-112 // 
            
            
            
            ZDI: ZDI-16-056 // 
            
            
            
            ZDI: ZDI-16-086 // 
            
            
            
            ZDI: ZDI-16-061 // 
            
            
            
            ZDI: ZDI-16-116 // 
            
            
            
            ZDI: ZDI-16-111 // 
            
            
            
            ZDI: ZDI-16-100 // 
            
            
            
            ZDI: ZDI-16-093 // 
            
            
            
            ZDI: ZDI-16-059 // 
            
            
            
            ZDI: ZDI-16-076 // 
            
            
            
            ZDI: ZDI-16-091 // 
            
            
            
            CNVD: CNVD-2016-00434 // 
            
            
            
            VULHUB: VHN-88366 // 
            
            
            
            CNNVD: CNNVD-201601-329 // 
            
            
            
            NVD: CVE-2016-0856

CREDITS
Anonymous
Trust: 10.5
sources:
            
            
            ZDI: ZDI-16-090 // 
            
            
            
            ZDI: ZDI-16-062 // 
            
            
            
            ZDI: ZDI-16-094 // 
            
            
            
            ZDI: ZDI-16-051 // 
            
            
            
            ZDI: ZDI-16-112 // 
            
            
            
            ZDI: ZDI-16-056 // 
            
            
            
            ZDI: ZDI-16-086 // 
            
            
            
            ZDI: ZDI-16-061 // 
            
            
            
            ZDI: ZDI-16-116 // 
            
            
            
            ZDI: ZDI-16-111 // 
            
            
            
            ZDI: ZDI-16-100 // 
            
            
            
            ZDI: ZDI-16-093 // 
            
            
            
            ZDI: ZDI-16-059 // 
            
            
            
            ZDI: ZDI-16-076 // 
            
            
            
            ZDI: ZDI-16-091

SOURCES
db:IVDid:64dba96e-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-16-090
db:ZDIid:ZDI-16-062
db:ZDIid:ZDI-16-094
db:ZDIid:ZDI-16-051
db:ZDIid:ZDI-16-112
db:ZDIid:ZDI-16-056
db:ZDIid:ZDI-16-086
db:ZDIid:ZDI-16-061
db:ZDIid:ZDI-16-116
db:ZDIid:ZDI-16-111
db:ZDIid:ZDI-16-100
db:ZDIid:ZDI-16-093
db:ZDIid:ZDI-16-059
db:ZDIid:ZDI-16-076
db:ZDIid:ZDI-16-091
db:CNVDid:CNVD-2016-00434
db:VULHUBid:VHN-88366
db:CNNVDid:CNNVD-201601-329
db:NVDid:CVE-2016-0856

LAST UPDATE DATE
2024-11-20T22:29:18.035000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-090date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-062date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-094date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-051date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-112date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-056date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-086date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-061date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-116date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-111date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-100date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-093date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-059date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-076date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-091date:2016-02-05T00:00:00
db:CNVDid:CNVD-2016-00434date:2016-01-25T00:00:00
db:VULHUBid:VHN-88366date:2016-12-03T00:00:00
db:CNNVDid:CNNVD-201601-329date:2021-08-18T00:00:00
db:NVDid:CVE-2016-0856date:2016-12-03T03:18:18.117

SOURCES RELEASE DATE
db:IVDid:64dba96e-2351-11e6-abef-000c29c66e3ddate:2016-01-25T00:00:00
db:ZDIid:ZDI-16-090date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-062date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-094date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-051date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-112date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-056date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-086date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-061date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-116date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-111date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-100date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-093date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-059date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-076date:2016-02-05T00:00:00
db:ZDIid:ZDI-16-091date:2016-02-05T00:00:00
db:CNVDid:CNVD-2016-00434date:2016-01-25T00:00:00
db:VULHUBid:VHN-88366date:2016-01-15T00:00:00
db:CNNVDid:CNNVD-201601-329date:2016-01-18T00:00:00
db:NVDid:CVE-2016-0856date:2016-01-15T03:59:18.250