ID

VAR-201610-0692


TITLE

Advantech WebAccess 8.1 ActiveX Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a // CNVD: CNVD-2016-10222

DESCRIPTION

WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems. An ActiveX control in Advantech WebAccess 8.1 has a buffer overflow vulnerability. An attacker can exploit this vulnerability by building a malicious web page and luring users to visit it, resulting in arbitrary code execution in the context of the application.

Trust: 0.72

sources: CNVD: CNVD-2016-10222 // IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a // CNVD: CNVD-2016-10222

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: eq, version: 8.1

Trust: 0.8

sources: IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a // CNVD: CNVD-2016-10222

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-10222
value: HIGH

Trust: 0.6

IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a
value: HIGH

Trust: 0.2

CNVD: CNVD-2016-10222
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a // CNVD: CNVD-2016-10222

TYPE

Buffer overflow

Trust: 0.2

sources: IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a

PATCH

title: Advantech WebAccess 8.1 ActiveX Buffer Overflow Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/81226

Trust: 0.6

sources: CNVD: CNVD-2016-10222

EXTERNAL IDS

db: CNVD, id: CNVD-2016-10222

Trust: 0.8

db: IVD, id: 004F69B8-C8BD-4DCD-B795-5D5AE897722A

Trust: 0.2

sources: IVD: 004f69b8-c8bd-4dcd-b795-5d5ae897722a // CNVD: CNVD-2016-10222

SOURCES

db: IVD, id: 004f69b8-c8bd-4dcd-b795-5d5ae897722a
db: CNVD, id: CNVD-2016-10222

LAST UPDATE DATE

2022-05-17T02:03:18.177000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-10222, date: 2016-10-27T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 004f69b8-c8bd-4dcd-b795-5d5ae897722a, date: 2016-10-27T00:00:00
db: CNVD, id: CNVD-2016-10222, date: 2016-10-17T00:00:00