ID

VAR-201601-0041


CVE

CVE-2016-0859


TITLE

Advantech WebAccess Kernel service integer overflow vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2016-001289 // CNNVD: CNNVD-201601-332

DESCRIPTION

Integer overflow in the Kernel service in Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted RPC request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x791E IOCTL in the Kernel subsystem. An integer overflow vulnerability affecting the allocation size exists. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system.

WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech.

Advantech WebAccess is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable.

Trust: 3.33

sources: NVD: CVE-2016-0859 // JVNDB: JVNDB-2016-001289 // ZDI: ZDI-16-104 // CNVD: CNVD-2016-00437 // BID: 80745 // IVD: 64d2d7a8-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-88369

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 64d2d7a8-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00437

AFFECTED PRODUCTS

vendor: advantech | model: webaccess | scope: lt | version: 8.1

Trust: 1.4

vendor: advantech | model: webaccess | scope: lte | version: 8.0

Trust: 1.0

vendor: advantech | model: webaccess | scope: - | version: -

Trust: 0.7

vendor: advantech | model: webaccess | scope: eq | version: 8.0

Trust: 0.6

vendor: advantech | model: webaccess | scope: eq | version: 8

Trust: 0.3

vendor: advantech | model: webaccess | scope: eq | version: 7.2

Trust: 0.3

vendor: advantech | model: webaccess | scope: ne | version: 8.1

Trust: 0.3

vendor: webaccess | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: 64d2d7a8-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-104 // CNVD: CNVD-2016-00437 // BID: 80745 // JVNDB: JVNDB-2016-001289 // CNNVD: CNNVD-201601-332 // NVD: CVE-2016-0859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0859
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-0859
value: HIGH

Trust: 0.8

ZDI: CVE-2016-0859
value: HIGH

Trust: 0.7

CNVD: CNVD-2016-00437
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201601-332
value: CRITICAL

Trust: 0.6

IVD: 64d2d7a8-2351-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-88369
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0859
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2016-0859
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2016-00437
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 64d2d7a8-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-88369
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0859
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: IVD: 64d2d7a8-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-104 // CNVD: CNVD-2016-00437 // VULHUB: VHN-88369 // JVNDB: JVNDB-2016-001289 // CNNVD: CNNVD-201601-332 // NVD: CVE-2016-0859

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-88369 // JVNDB: JVNDB-2016-001289 // NVD: CVE-2016-0859

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-332

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201601-332

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001289

PATCH

title: Advantech WebAccess | url: http://www.advantech.com/industrial-automation/webaccess

Trust: 0.8

title: Advantech has issued an update to correct this vulnerability. | url: https://ics-cert.us-cert.gov/advisories/ICSA-16-014-01

Trust: 0.7

title: Patch for Advantech WebAccess Integer Overflow Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/70381

Trust: 0.6

title: Advantech WebAccess Kernel Fixes for serving integer overflow vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59650

Trust: 0.6

sources: ZDI: ZDI-16-104 // CNVD: CNVD-2016-00437 // JVNDB: JVNDB-2016-001289 // CNNVD: CNNVD-201601-332

EXTERNAL IDS

db: NVD | id: CVE-2016-0859

Trust: 4.3

db: ICS CERT | id: ICSA-16-014-01

Trust: 3.4

db: ZDI | id: ZDI-16-104

Trust: 1.8

db: CNNVD | id: CNNVD-201601-332

Trust: 0.9

db: CNVD | id: CNVD-2016-00437

Trust: 0.8

db: JVNDB | id: JVNDB-2016-001289

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-3197

Trust: 0.7

db: BID | id: 80745

Trust: 0.3

db: IVD | id: 64D2D7A8-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-88369

Trust: 0.1

sources: IVD: 64d2d7a8-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-16-104 // CNVD: CNVD-2016-00437 // VULHUB: VHN-88369 // BID: 80745 // JVNDB: JVNDB-2016-001289 // CNNVD: CNNVD-201601-332 // NVD: CVE-2016-0859

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-014-01

Trust: 4.1

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0859

Trust: 1.4

url:http://www.zerodayinitiative.com/advisories/zdi-16-104

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0859

Trust: 0.8

url:http://webaccess.advantech.com

Trust: 0.3

sources: ZDI: ZDI-16-104 // CNVD: CNVD-2016-00437 // VULHUB: VHN-88369 // BID: 80745 // JVNDB: JVNDB-2016-001289 // CNNVD: CNNVD-201601-332 // NVD: CVE-2016-0859

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-16-104

SOURCES

db: IVD | id: 64d2d7a8-2351-11e6-abef-000c29c66e3d
db: ZDI | id: ZDI-16-104
db: CNVD | id: CNVD-2016-00437
db: VULHUB | id: VHN-88369
db: BID | id: 80745
db: JVNDB | id: JVNDB-2016-001289
db: CNNVD | id: CNNVD-201601-332
db: NVD | id: CVE-2016-0859

LAST UPDATE DATE

2024-08-14T13:33:08.651000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-16-104 | date: 2016-02-05T00:00:00
db: CNVD | id: CNVD-2016-00437 | date: 2016-01-25T00:00:00
db: VULHUB | id: VHN-88369 | date: 2016-12-03T00:00:00
db: BID | id: 80745 | date: 2016-01-14T00:00:00
db: JVNDB | id: JVNDB-2016-001289 | date: 2016-01-26T00:00:00
db: CNNVD | id: CNNVD-201601-332 | date: 2016-01-18T00:00:00
db: NVD | id: CVE-2016-0859 | date: 2016-12-03T03:18:21.370

SOURCES RELEASE DATE

db: IVD | id: 64d2d7a8-2351-11e6-abef-000c29c66e3d | date: 2016-01-25T00:00:00
db: ZDI | id: ZDI-16-104 | date: 2016-02-05T00:00:00
db: CNVD | id: CNVD-2016-00437 | date: 2016-01-25T00:00:00
db: VULHUB | id: VHN-88369 | date: 2016-01-15T00:00:00
db: BID | id: 80745 | date: 2016-01-14T00:00:00
db: JVNDB | id: JVNDB-2016-001289 | date: 2016-01-26T00:00:00
db: CNNVD | id: CNNVD-201601-332 | date: 2016-01-18T00:00:00
db: NVD | id: CVE-2016-0859 | date: 2016-01-15T03:59:21.030