Sign-up

ID

VAR-201601-0040


CVE

CVE-2016-0858


TITLE

Advantech WebAccess Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-001288

DESCRIPTION

Race condition in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted request. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x7920 IOCTL in the Kernel subsystem. A shared virtual memory overflow vulnerability exists in a call to strcpy. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech

Trust: 3.33

sources: NVD: CVE-2016-0858 // JVNDB: JVNDB-2016-001288 // ZDI: ZDI-16-105 // CNVD: CNVD-2016-00436 // BID: 80745 // IVD: 64d1d484-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88368

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 64d1d484-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00436

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:ltversion:8.1

Trust: 1.4

vendor:advantechmodel:webaccessscope:lteversion:8.0

Trust: 1.0

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccessscope:eqversion:8.0

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 64d1d484-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-105 // CNVD: CNVD-2016-00436 // BID: 80745 // JVNDB: JVNDB-2016-001288 // CNNVD: CNNVD-201601-331 // NVD: CVE-2016-0858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0858
value: HIGH

Trust: 1.0

NVD: CVE-2016-0858
value: HIGH

Trust: 0.8

ZDI: CVE-2016-0858
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-00436
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201601-331
value: CRITICAL

Trust: 0.6

IVD: 64d1d484-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-88368
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0858
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2016-00436
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 64d1d484-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-88368
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0858
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: 64d1d484-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-105 // CNVD: CNVD-2016-00436 // VULHUB: VHN-88368 // JVNDB: JVNDB-2016-001288 // CNNVD: CNNVD-201601-331 // NVD: CVE-2016-0858

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-362

Trust: 1.9

sources: VULHUB: VHN-88368 // JVNDB: JVNDB-2016-001288 // NVD: CVE-2016-0858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-331

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201601-331

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001288

PATCH
title:Advantech WebAccessurl:http://www.advantech.com/industrial-automation/webaccess
Trust: 0.8
title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01
Trust: 0.7
title:Patch for Advantech WebAccess Competitive Condition Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/70380
Trust: 0.6
title:Advantech WebAccess Repair measures for competitive conditionsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59649
Trust: 0.6
sources:
            
            
            ZDI: ZDI-16-105 // 
            
            
            
            CNVD: CNVD-2016-00436 // 
            
            
            
            JVNDB: JVNDB-2016-001288 // 
            
            
            
            CNNVD: CNNVD-201601-331

EXTERNAL IDS
db:NVDid:CVE-2016-0858
Trust: 4.3
db:ICS CERTid:ICSA-16-014-01
Trust: 3.4
db:ZDIid:ZDI-16-105
Trust: 1.8
db:CNNVDid:CNNVD-201601-331
Trust: 0.9
db:CNVDid:CNVD-2016-00436
Trust: 0.8
db:JVNDBid:JVNDB-2016-001288
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-3196
Trust: 0.7
db:BIDid:80745
Trust: 0.3
db:IVDid:64D1D484-2351-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:VULHUBid:VHN-88368
Trust: 0.1
sources:
            
            
            IVD: 64d1d484-2351-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-16-105 // 
            
            
            
            CNVD: CNVD-2016-00436 // 
            
            
            
            VULHUB: VHN-88368 // 
            
            
            
            BID: 80745 // 
            
            
            
            JVNDB: JVNDB-2016-001288 // 
            
            
            
            CNNVD: CNNVD-201601-331 // 
            
            
            
            NVD: CVE-2016-0858

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-16-014-01
Trust: 4.1
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0858
Trust: 1.4
url:http://www.zerodayinitiative.com/advisories/zdi-16-105
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0858
Trust: 0.8
url:http://webaccess.advantech.com
Trust: 0.3
sources:
            
            
            ZDI: ZDI-16-105 // 
            
            
            
            CNVD: CNVD-2016-00436 // 
            
            
            
            VULHUB: VHN-88368 // 
            
            
            
            BID: 80745 // 
            
            
            
            JVNDB: JVNDB-2016-001288 // 
            
            
            
            CNNVD: CNNVD-201601-331 // 
            
            
            
            NVD: CVE-2016-0858

CREDITS
Anonymous
Trust: 0.7
sources:
            
            
            ZDI: ZDI-16-105

SOURCES
db:IVDid:64d1d484-2351-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-16-105
db:CNVDid:CNVD-2016-00436
db:VULHUBid:VHN-88368
db:BIDid:80745
db:JVNDBid:JVNDB-2016-001288
db:CNNVDid:CNNVD-201601-331
db:NVDid:CVE-2016-0858

LAST UPDATE DATE
2024-11-23T21:43:23.070000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-16-105date:2016-02-05T00:00:00
db:CNVDid:CNVD-2016-00436date:2016-01-25T00:00:00
db:VULHUBid:VHN-88368date:2016-12-03T00:00:00
db:BIDid:80745date:2016-01-14T00:00:00
db:JVNDBid:JVNDB-2016-001288date:2016-01-26T00:00:00
db:CNNVDid:CNNVD-201601-331date:2016-01-18T00:00:00
db:NVDid:CVE-2016-0858date:2024-11-21T02:42:31.277

SOURCES RELEASE DATE
db:IVDid:64d1d484-2351-11e6-abef-000c29c66e3ddate:2016-01-25T00:00:00
db:ZDIid:ZDI-16-105date:2016-02-05T00:00:00
db:CNVDid:CNVD-2016-00436date:2016-01-25T00:00:00
db:VULHUBid:VHN-88368date:2016-01-15T00:00:00
db:BIDid:80745date:2016-01-14T00:00:00
db:JVNDBid:JVNDB-2016-001288date:2016-01-26T00:00:00
db:CNNVDid:CNNVD-201601-331date:2016-01-18T00:00:00
db:NVDid:CVE-2016-0858date:2016-01-15T03:59:20.173