ID

VAR-201702-0673


CVE

CVE-2017-5152


TITLE

Advantech WebAccess Security Bypass Vulnerability

Trust: 0.8

sources: IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a // CNVD: CNVD-2017-00552

DESCRIPTION

An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within updateTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess (formerly known as BroadWinWebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A security bypass vulnerability exists in Advantech WebAccess version 8.1. An attacker could exploit the vulnerability to bypass certain security restrictions and perform unauthorized operations. Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. WebAccess 8.1 is vulnerable; other versions may also be affected

Trust: 3.33

sources: NVD: CVE-2017-5152 // JVNDB: JVNDB-2017-001615 // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00552 // BID: 95410 // IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a // VULHUB: VHN-113355

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a // CNVD: CNVD-2017-00552

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 3.3

vendor:advantechmodel:webaccessscope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccessscope:neversion:8.2

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:8.1

Trust: 0.2

sources: IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00552 // BID: 95410 // JVNDB: JVNDB-2017-001615 // CNNVD: CNNVD-201701-327 // NVD: CVE-2017-5152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5152
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5152
value: CRITICAL

Trust: 0.8

ZDI: CVE-2017-5152
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2017-00552
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201701-327
value: MEDIUM

Trust: 0.6

IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a
value: MEDIUM

Trust: 0.2

VULHUB: VHN-113355
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-5152
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2017-5152
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2017-00552
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113355
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5152
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00552 // VULHUB: VHN-113355 // JVNDB: JVNDB-2017-001615 // CNNVD: CNNVD-201701-327 // NVD: CVE-2017-5152

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-113355 // JVNDB: JVNDB-2017-001615 // NVD: CVE-2017-5152

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-327

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201701-327

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001615

PATCH

title:Advantech WebAccessurl:http://www.advantech.com/industrial-automation/webaccess

Trust: 0.8

title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01

Trust: 0.7

title:Advantech WebAccess Security Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/88105

Trust: 0.6

title:Advantech WebAccess Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66986

Trust: 0.6

sources: ZDI: ZDI-17-043 // CNVD: CNVD-2017-00552 // JVNDB: JVNDB-2017-001615 // CNNVD: CNNVD-201701-327

EXTERNAL IDS

db:NVDid:CVE-2017-5152

Trust: 4.3

db:ICS CERTid:ICSA-17-012-01

Trust: 3.4

db:BIDid:95410

Trust: 2.0

db:ZDIid:ZDI-17-043

Trust: 1.6

db:TENABLEid:TRA-2017-04

Trust: 1.1

db:CNNVDid:CNNVD-201701-327

Trust: 0.9

db:CNVDid:CNVD-2017-00552

Trust: 0.8

db:JVNDBid:JVNDB-2017-001615

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-3679

Trust: 0.7

db:IVDid:EC77C86B-3355-445C-A5A5-7138437A8D7A

Trust: 0.2

db:VULHUBid:VHN-113355

Trust: 0.1

sources: IVD: ec77c86b-3355-445c-a5a5-7138437a8d7a // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00552 // VULHUB: VHN-113355 // BID: 95410 // JVNDB: JVNDB-2017-001615 // CNNVD: CNNVD-201701-327 // NVD: CVE-2017-5152

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-012-01

Trust: 3.8

url:http://www.securityfocus.com/bid/95410

Trust: 1.1

url:https://www.tenable.com/security/research/tra-2017-04

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5152

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5152

Trust: 0.8

url:http://www.zerodayinitiative.com/advisories/zdi-17-043/

Trust: 0.6

url:http://webaccess.advantech.com

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-17-043/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-012-01

Trust: 0.3

sources: ZDI: ZDI-17-043 // CNVD: CNVD-2017-00552 // VULHUB: VHN-113355 // BID: 95410 // JVNDB: JVNDB-2017-001615 // CNNVD: CNNVD-201701-327 // NVD: CVE-2017-5152

CREDITS

Tenable Network Security

Trust: 1.0

sources: ZDI: ZDI-17-043 // BID: 95410

SOURCES

db:IVDid:ec77c86b-3355-445c-a5a5-7138437a8d7a
db:ZDIid:ZDI-17-043
db:CNVDid:CNVD-2017-00552
db:VULHUBid:VHN-113355
db:BIDid:95410
db:JVNDBid:JVNDB-2017-001615
db:CNNVDid:CNNVD-201701-327
db:NVDid:CVE-2017-5152

LAST UPDATE DATE

2024-11-23T22:01:18.912000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-17-043date:2017-01-12T00:00:00
db:CNVDid:CNVD-2017-00552date:2017-01-18T00:00:00
db:VULHUBid:VHN-113355date:2017-11-03T00:00:00
db:BIDid:95410date:2017-01-23T04:05:00
db:JVNDBid:JVNDB-2017-001615date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201701-327date:2017-01-13T00:00:00
db:NVDid:CVE-2017-5152date:2024-11-21T03:27:09.607

SOURCES RELEASE DATE

db:IVDid:ec77c86b-3355-445c-a5a5-7138437a8d7adate:2017-01-18T00:00:00
db:ZDIid:ZDI-17-043date:2017-01-12T00:00:00
db:CNVDid:CNVD-2017-00552date:2017-01-18T00:00:00
db:VULHUBid:VHN-113355date:2017-02-13T00:00:00
db:BIDid:95410date:2017-01-12T00:00:00
db:JVNDBid:JVNDB-2017-001615date:2017-03-08T00:00:00
db:CNNVDid:CNNVD-201701-327date:2017-01-13T00:00:00
db:NVDid:CVE-2017-5152date:2017-02-13T21:59:02.643