Details of VAR-201601-0039

ID

VAR-201601-0039

CVE

CVE-2016-0857

TITLE

Advantech WebAccess webvrpcs Service BwpAlarm.dll strcpy Heap-Based Buffer Overflow Remote Code Execution Vulnerability

Trust: 2.8

sources: ZDI: ZDI-16-065 // ZDI: ZDI-16-066 // ZDI: ZDI-16-064 // ZDI: ZDI-16-068

DESCRIPTION

Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x11367 IOCTL in the BwpAlarm subsystem. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech

Trust: 7.74

sources: NVD: CVE-2016-0857 // JVNDB: JVNDB-2016-001287 // ZDI: ZDI-16-065 // ZDI: ZDI-16-121 // ZDI: ZDI-16-066 // ZDI: ZDI-16-119 // ZDI: ZDI-16-107 // ZDI: ZDI-16-064 // ZDI: ZDI-16-067 // ZDI: ZDI-16-068 // CNVD: CNVD-2016-00435 // BID: 80745 // IVD: 64cfd42c-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88367

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64cfd42c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00435

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 5.6
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.1	Trust: 1.4
vendor:	advantech	model:	webaccess	scope:	lte	version:	8.0	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.1	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 64cfd42c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-065 // ZDI: ZDI-16-121 // ZDI: ZDI-16-066 // ZDI: ZDI-16-119 // ZDI: ZDI-16-107 // ZDI: ZDI-16-064 // ZDI: ZDI-16-067 // ZDI: ZDI-16-068 // CNVD: CNVD-2016-00435 // BID: 80745 // JVNDB: JVNDB-2016-001287 // CNNVD: CNNVD-201601-330 // NVD: CVE-2016-0857

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2016-0857
value:	HIGH
Trust: 5.6
nvd@nist.gov:	CVE-2016-0857
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-0857
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-00435
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201601-330
value:	CRITICAL
Trust: 0.6
IVD:	64cfd42c-2351-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-88367
value:	HIGH
Trust: 0.1

ZDI:	CVE-2016-0857
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 5.6
nvd@nist.gov:	CVE-2016-0857
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-00435
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64cfd42c-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-88367
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0857
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: IVD: 64cfd42c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-065 // ZDI: ZDI-16-121 // ZDI: ZDI-16-066 // ZDI: ZDI-16-119 // ZDI: ZDI-16-107 // ZDI: ZDI-16-064 // ZDI: ZDI-16-067 // ZDI: ZDI-16-068 // CNVD: CNVD-2016-00435 // VULHUB: VHN-88367 // JVNDB: JVNDB-2016-001287 // CNNVD: CNNVD-201601-330 // NVD: CVE-2016-0857

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-88367 // JVNDB: JVNDB-2016-001287 // NVD: CVE-2016-0857

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-330

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 64cfd42c-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201601-330

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001287

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01	Trust: 5.6
title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Patch for Advantech WebAccess Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/70379	Trust: 0.6
title:	Advantech WebAccess Fixes for heap-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59648	Trust: 0.6

sources: ZDI: ZDI-16-065 // ZDI: ZDI-16-121 // ZDI: ZDI-16-066 // ZDI: ZDI-16-119 // ZDI: ZDI-16-107 // ZDI: ZDI-16-064 // ZDI: ZDI-16-067 // ZDI: ZDI-16-068 // CNVD: CNVD-2016-00435 // JVNDB: JVNDB-2016-001287 // CNNVD: CNNVD-201601-330

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0857	Trust: 9.2
db:	ICS CERT	id:	ICSA-16-014-01	Trust: 2.8
db:	ZDI	id:	ZDI-16-121	Trust: 1.8
db:	ZDI	id:	ZDI-16-119	Trust: 1.8
db:	ZDI	id:	ZDI-16-107	Trust: 1.8
db:	CNNVD	id:	CNNVD-201601-330	Trust: 0.9
db:	CNVD	id:	CNVD-2016-00435	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001287	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3236	Trust: 0.7
db:	ZDI	id:	ZDI-16-065	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3178	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3235	Trust: 0.7
db:	ZDI	id:	ZDI-16-066	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3180	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3194	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3237	Trust: 0.7
db:	ZDI	id:	ZDI-16-064	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3234	Trust: 0.7
db:	ZDI	id:	ZDI-16-067	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-3233	Trust: 0.7
db:	ZDI	id:	ZDI-16-068	Trust: 0.7
db:	BID	id:	80745	Trust: 0.3
db:	IVD	id:	64CFD42C-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-88367	Trust: 0.1

sources: IVD: 64cfd42c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-065 // ZDI: ZDI-16-121 // ZDI: ZDI-16-066 // ZDI: ZDI-16-119 // ZDI: ZDI-16-107 // ZDI: ZDI-16-064 // ZDI: ZDI-16-067 // ZDI: ZDI-16-068 // CNVD: CNVD-2016-00435 // VULHUB: VHN-88367 // BID: 80745 // JVNDB: JVNDB-2016-001287 // CNNVD: CNNVD-201601-330 // NVD: CVE-2016-0857

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-014-01	Trust: 8.4
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0857	Trust: 1.4
url:	http://www.zerodayinitiative.com/advisories/zdi-16-107	Trust: 1.1
url:	http://www.zerodayinitiative.com/advisories/zdi-16-119	Trust: 1.1
url:	http://www.zerodayinitiative.com/advisories/zdi-16-121	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0857	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-16-065 // ZDI: ZDI-16-121 // ZDI: ZDI-16-066 // ZDI: ZDI-16-119 // ZDI: ZDI-16-107 // ZDI: ZDI-16-064 // ZDI: ZDI-16-067 // ZDI: ZDI-16-068 // CNVD: CNVD-2016-00435 // VULHUB: VHN-88367 // BID: 80745 // JVNDB: JVNDB-2016-001287 // CNNVD: CNNVD-201601-330 // NVD: CVE-2016-0857

CREDITS

Anonymous

Trust: 5.6

sources: ZDI: ZDI-16-065 // ZDI: ZDI-16-121 // ZDI: ZDI-16-066 // ZDI: ZDI-16-119 // ZDI: ZDI-16-107 // ZDI: ZDI-16-064 // ZDI: ZDI-16-067 // ZDI: ZDI-16-068

SOURCES

db:	IVD	id:	64cfd42c-2351-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-16-065
db:	ZDI	id:	ZDI-16-121
db:	ZDI	id:	ZDI-16-066
db:	ZDI	id:	ZDI-16-119
db:	ZDI	id:	ZDI-16-107
db:	ZDI	id:	ZDI-16-064
db:	ZDI	id:	ZDI-16-067
db:	ZDI	id:	ZDI-16-068
db:	CNVD	id:	CNVD-2016-00435
db:	VULHUB	id:	VHN-88367
db:	BID	id:	80745
db:	JVNDB	id:	JVNDB-2016-001287
db:	CNNVD	id:	CNNVD-201601-330
db:	NVD	id:	CVE-2016-0857

LAST UPDATE DATE

2024-08-14T13:33:08.922000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-16-065	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-121	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-066	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-119	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-107	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-064	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-067	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-068	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00435	date:	2016-01-25T00:00:00
db:	VULHUB	id:	VHN-88367	date:	2016-12-03T00:00:00
db:	BID	id:	80745	date:	2016-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-001287	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-330	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-0857	date:	2016-12-03T03:18:19.290

SOURCES RELEASE DATE

db:	IVD	id:	64cfd42c-2351-11e6-abef-000c29c66e3d	date:	2016-01-25T00:00:00
db:	ZDI	id:	ZDI-16-065	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-121	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-066	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-119	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-107	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-064	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-067	date:	2016-02-05T00:00:00
db:	ZDI	id:	ZDI-16-068	date:	2016-02-05T00:00:00
db:	CNVD	id:	CNVD-2016-00435	date:	2016-01-25T00:00:00
db:	VULHUB	id:	VHN-88367	date:	2016-01-15T00:00:00
db:	BID	id:	80745	date:	2016-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-001287	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-330	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-0857	date:	2016-01-15T03:59:19.313