ID

VAR-201601-0642


CVE

CVE-2015-3948


TITLE

Advantech WebAccess Cross-Site Scripting Vulnerability

Trust: 1.4

sources: IVD: 64e67164-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00427 // CNNVD: CNNVD-201601-322

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. Advantech WebAccess is prone to following security vulnerabilities: 1. A denial-of-service vulnerability 2. An arbitrary file-upload vulnerability 3. A directory-traversal vulnerability 4. Multiple stack-based buffer-overflow vulnerabilities 5. A heap-based buffer overflow vulnerability 6. Multiple buffer-overflow vulnerabilities 7. Multiple information disclosure vulnerabilities 8. A cross-site scripting vulnerability 9. An SQL-injection vulnerability 10. A cross-site request forgery vulnerability 11. A remote-code execution vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, cause a denial-of-service condition, upload arbitrary files, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to use directory-traversal sequences ('../') to retrieve arbitrary files, obtain sensitive information and perform certain unauthorized actions. This may aid in further attacks. Advantech WebAccess 8.0 and prior versions are vulnerable. Advantech WebAccess is a browser-based HMI/SCADA software developed by Advantech

Trust: 2.7

sources: NVD: CVE-2015-3948 // JVNDB: JVNDB-2015-006786 // CNVD: CNVD-2016-00427 // BID: 80745 // IVD: 64e67164-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-81909

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 64e67164-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00427

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:ltversion:8.1

Trust: 1.4

vendor:advantechmodel:webaccessscope:lteversion:8.0

Trust: 1.0

vendor:advantechmodel:webaccessscope:eqversion:8.0

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:7.2

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.1

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 64e67164-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00427 // BID: 80745 // JVNDB: JVNDB-2015-006786 // CNNVD: CNNVD-201601-322 // NVD: CVE-2015-3948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3948
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3948
value: LOW

Trust: 0.8

CNVD: CNVD-2016-00427
value: LOW

Trust: 0.6

CNNVD: CNNVD-201601-322
value: LOW

Trust: 0.6

IVD: 64e67164-2351-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

VULHUB: VHN-81909
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-3948
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00427
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 64e67164-2351-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-81909
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-3948
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: IVD: 64e67164-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00427 // VULHUB: VHN-81909 // JVNDB: JVNDB-2015-006786 // CNNVD: CNNVD-201601-322 // NVD: CVE-2015-3948

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-81909 // JVNDB: JVNDB-2015-006786 // NVD: CVE-2015-3948

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-322

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201601-322

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006786

PATCH

title:Advantech WebAccessurl:http://www.advantech.com/industrial-automation/webaccess

Trust: 0.8

title:Patch for Advantech WebAccess Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/70372

Trust: 0.6

title:Advantech WebAccess Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59640

Trust: 0.6

sources: CNVD: CNVD-2016-00427 // JVNDB: JVNDB-2015-006786 // CNNVD: CNNVD-201601-322

EXTERNAL IDS

db:NVDid:CVE-2015-3948

Trust: 3.6

db:ICS CERTid:ICSA-16-014-01

Trust: 2.8

db:CNNVDid:CNNVD-201601-322

Trust: 0.9

db:CNVDid:CNVD-2016-00427

Trust: 0.8

db:JVNDBid:JVNDB-2015-006786

Trust: 0.8

db:BIDid:80745

Trust: 0.3

db:IVDid:64E67164-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-81909

Trust: 0.1

sources: IVD: 64e67164-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2016-00427 // VULHUB: VHN-81909 // BID: 80745 // JVNDB: JVNDB-2015-006786 // CNNVD: CNNVD-201601-322 // NVD: CVE-2015-3948

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-16-014-01

Trust: 2.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3948

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3948

Trust: 0.8

url:http://webaccess.advantech.com

Trust: 0.3

sources: CNVD: CNVD-2016-00427 // VULHUB: VHN-81909 // BID: 80745 // JVNDB: JVNDB-2015-006786 // CNNVD: CNNVD-201601-322 // NVD: CVE-2015-3948

CREDITS

Ilya Karpov of Positive Technologies, Ivan Sanchez, Andrea Micalizzi, Ariele Caltabiano, Fritz Sands, Steven Seeley, and an anonymous researcher

Trust: 0.3

sources: BID: 80745

SOURCES

db:IVDid:64e67164-2351-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2016-00427
db:VULHUBid:VHN-81909
db:BIDid:80745
db:JVNDBid:JVNDB-2015-006786
db:CNNVDid:CNNVD-201601-322
db:NVDid:CVE-2015-3948

LAST UPDATE DATE

2024-08-14T13:33:08.608000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-00427date:2016-01-25T00:00:00
db:VULHUBid:VHN-81909date:2016-01-20T00:00:00
db:BIDid:80745date:2016-01-14T00:00:00
db:JVNDBid:JVNDB-2015-006786date:2016-01-21T00:00:00
db:CNNVDid:CNNVD-201601-322date:2016-01-18T00:00:00
db:NVDid:CVE-2015-3948date:2016-01-20T07:49:42.977

SOURCES RELEASE DATE

db:IVDid:64e67164-2351-11e6-abef-000c29c66e3ddate:2016-01-25T00:00:00
db:CNVDid:CNVD-2016-00427date:2016-01-25T00:00:00
db:VULHUBid:VHN-81909date:2016-01-15T00:00:00
db:BIDid:80745date:2016-01-14T00:00:00
db:JVNDBid:JVNDB-2015-006786date:2016-01-21T00:00:00
db:CNNVDid:CNNVD-201601-322date:2016-01-18T00:00:00
db:NVDid:CVE-2015-3948date:2016-01-15T03:59:03.403