Details of VAR-201610-0691

ID

VAR-201610-0691

TITLE

HMI / SCADA software webaccess7.2 / 8.0 / 8.1 has 4 dll hijack vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2016-10337

DESCRIPTION

WebAccess can establish an information management platform for users, and simultaneously improve the efficiency of vertical market management development. HMI / SCADA software webaccess has 4 dll hijack vulnerabilities. When bwopctool.dll, bwabout.dll, BwPAlarm.dll, Webvsid.dll are automatically loaded, Webvrpcs.exe will not verify these dlls, and attackers can place malicious dll files In the directory of the process, the system is attacked. You can download it from http://www.advantech.com.cn/industrial-automation/webaccess/download. This page downloads three versions of webaccess. Any version of webaccess is affected. After installing webaccess, run the batch provided by the word document directly. After processing the file, you can see the effect of dll hijack, and a calculator will pop up after success

Trust: 0.72

sources: CNVD: CNVD-2016-10337 // IVD: ff7dae53-c23c-40b0-9f59-13a4db97f36c

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: ff7dae53-c23c-40b0-9f59-13a4db97f36c // CNVD: CNVD-2016-10337

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.8
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2*	Trust: 0.2
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0*	Trust: 0.2

sources: IVD: ff7dae53-c23c-40b0-9f59-13a4db97f36c // CNVD: CNVD-2016-10337

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-10337
value:	LOW
Trust: 0.6
IVD:	ff7dae53-c23c-40b0-9f59-13a4db97f36c
value:	LOW
Trust: 0.2

CNVD:	CNVD-2016-10337
severity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ff7dae53-c23c-40b0-9f59-13a4db97f36c
severity:	LOW
baseScore:	3.3
vectorString:	AV:L/AC:M/AU:N/C:N/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: ff7dae53-c23c-40b0-9f59-13a4db97f36c // CNVD: CNVD-2016-10337

TYPE

other

Trust: 0.2

sources: IVD: ff7dae53-c23c-40b0-9f59-13a4db97f36c

PATCH

title:

HMI / SCADA software webaccess7.2 / 8.0 / 8.1 4 dll hijack vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/82819

Trust: 0.6

sources: CNVD: CNVD-2016-10337

EXTERNAL IDS

db:	CNVD	id:	CNVD-2016-10337	Trust: 0.8
db:	IVD	id:	FF7DAE53-C23C-40B0-9F59-13A4DB97F36C	Trust: 0.2

sources: IVD: ff7dae53-c23c-40b0-9f59-13a4db97f36c // CNVD: CNVD-2016-10337

SOURCES

db:	IVD	id:	ff7dae53-c23c-40b0-9f59-13a4db97f36c
db:	CNVD	id:	CNVD-2016-10337

LAST UPDATE DATE

2022-05-17T02:07:06.759000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-10337

date:

2016-11-24T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	ff7dae53-c23c-40b0-9f59-13a4db97f36c	date:	2016-10-31T00:00:00
db:	CNVD	id:	CNVD-2016-10337	date:	2016-12-03T00:00:00