ID

VAR-201702-0675


CVE

CVE-2017-5154


TITLE

SQL injection vulnerability in Advantech WebAccess

Trust: 0.8

sources: JVNDB: JVNDB-2017-001616

DESCRIPTION

An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. A successful attack could result in administrative access to the application and its data files.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed. The specific flaw exists within updateTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess.

Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A SQL injection vulnerability exists in Advantech WebAccess version 8.1.

Advantech WebAccess is prone to an SQL-injection vulnerability and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions, modify the logic of SQL queries, compromise the software, retrieve information, or modify data; other consequences are possible as well. WebAccess 8.1 is vulnerable; other versions may also be affected.

Trust: 3.33

sources: NVD: CVE-2017-5154 // JVNDB: JVNDB-2017-001616 // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00553 // BID: 95410 // IVD: f6a19415-1129-4719-ad81-c1d464552563 // VULHUB: VHN-113357

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: f6a19415-1129-4719-ad81-c1d464552563 // CNVD: CNVD-2017-00553

AFFECTED PRODUCTS

vendor: advantech | model: webaccess | scope: eq | version: 8.1

Trust: 3.3

vendor: advantech | model: webaccess | scope: - | version: -

Trust: 0.7

vendor: advantech | model: webaccess | scope: ne | version: 8.2

Trust: 0.3

vendor: webaccess | model: - | scope: eq | version: 8.1

Trust: 0.2

sources: IVD: f6a19415-1129-4719-ad81-c1d464552563 // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00553 // BID: 95410 // JVNDB: JVNDB-2017-001616 // CNNVD: CNNVD-201701-328 // NVD: CVE-2017-5154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-5154
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-5154
value: CRITICAL

Trust: 0.8

ZDI: CVE-2017-5154
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2017-00553
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201701-328
value: HIGH

Trust: 0.6

IVD: f6a19415-1129-4719-ad81-c1d464552563
value: HIGH

Trust: 0.2

VULHUB: VHN-113357
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-5154
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2017-5154
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2017-00553
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f6a19415-1129-4719-ad81-c1d464552563
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-113357
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-5154
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: f6a19415-1129-4719-ad81-c1d464552563 // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00553 // VULHUB: VHN-113357 // JVNDB: JVNDB-2017-001616 // CNNVD: CNNVD-201701-328 // NVD: CVE-2017-5154

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-113357 // JVNDB: JVNDB-2017-001616 // NVD: CVE-2017-5154

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-328

TYPE

SQL injection

Trust: 0.8

sources: IVD: f6a19415-1129-4719-ad81-c1d464552563 // CNNVD: CNNVD-201701-328

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001616

PATCH

title: Advantech WebAccess | url: http://www.advantech.com/industrial-automation/webaccess

Trust: 0.8

title: Advantech has issued an update to correct this vulnerability. | url: https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01

Trust: 0.7

title: Advantech WebAccess 'updateTemplate.aspx' SQL Injection Vulnerability Patch | url: https://www.cnvd.org.cn/patchInfo/show/88106

Trust: 0.6

title: Repair measures for Advantech WebAccess SQL injection vulnerability | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66985

Trust: 0.6

sources: ZDI: ZDI-17-043 // CNVD: CNVD-2017-00553 // JVNDB: JVNDB-2017-001616 // CNNVD: CNNVD-201701-328

EXTERNAL IDS

db: NVD | id: CVE-2017-5154

Trust: 4.3

db: ICS CERT | id: ICSA-17-012-01

Trust: 3.4

db: BID | id: 95410

Trust: 2.0

db: ZDI | id: ZDI-17-043

Trust: 1.6

db: TENABLE | id: TRA-2017-04

Trust: 1.1

db: CNNVD | id: CNNVD-201701-328

Trust: 0.9

db: CNVD | id: CNVD-2017-00553

Trust: 0.8

db: JVNDB | id: JVNDB-2017-001616

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-3679

Trust: 0.7

db: IVD | id: F6A19415-1129-4719-AD81-C1D464552563

Trust: 0.2

db: VULHUB | id: VHN-113357

Trust: 0.1

sources: IVD: f6a19415-1129-4719-ad81-c1d464552563 // ZDI: ZDI-17-043 // CNVD: CNVD-2017-00553 // VULHUB: VHN-113357 // BID: 95410 // JVNDB: JVNDB-2017-001616 // CNNVD: CNNVD-201701-328 // NVD: CVE-2017-5154

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-012-01

Trust: 3.8

url:http://www.securityfocus.com/bid/95410

Trust: 1.1

url:https://www.tenable.com/security/research/tra-2017-04

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5154

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5154

Trust: 0.8

url:http://www.zerodayinitiative.com/advisories/zdi-17-043/

Trust: 0.6

url:http://webaccess.advantech.com

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-17-043/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-012-01

Trust: 0.3

sources: ZDI: ZDI-17-043 // CNVD: CNVD-2017-00553 // VULHUB: VHN-113357 // BID: 95410 // JVNDB: JVNDB-2017-001616 // CNNVD: CNNVD-201701-328 // NVD: CVE-2017-5154

CREDITS

Tenable Network Security

Trust: 1.0

sources: ZDI: ZDI-17-043 // BID: 95410

SOURCES

db: IVD | id: f6a19415-1129-4719-ad81-c1d464552563
db: ZDI | id: ZDI-17-043
db: CNVD | id: CNVD-2017-00553
db: VULHUB | id: VHN-113357
db: BID | id: 95410
db: JVNDB | id: JVNDB-2017-001616
db: CNNVD | id: CNNVD-201701-328
db: NVD | id: CVE-2017-5154

LAST UPDATE DATE

2024-08-14T13:56:59.942000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-17-043 | date: 2017-01-12T00:00:00
db: CNVD | id: CNVD-2017-00553 | date: 2017-01-18T00:00:00
db: VULHUB | id: VHN-113357 | date: 2017-11-03T00:00:00
db: BID | id: 95410 | date: 2017-01-23T04:05:00
db: JVNDB | id: JVNDB-2017-001616 | date: 2017-03-08T00:00:00
db: CNNVD | id: CNNVD-201701-328 | date: 2017-01-13T00:00:00
db: NVD | id: CVE-2017-5154 | date: 2017-11-03T01:29:07.733

SOURCES RELEASE DATE

db: IVD | id: f6a19415-1129-4719-ad81-c1d464552563 | date: 2017-01-18T00:00:00
db: ZDI | id: ZDI-17-043 | date: 2017-01-12T00:00:00
db: CNVD | id: CNVD-2017-00553 | date: 2017-01-18T00:00:00
db: VULHUB | id: VHN-113357 | date: 2017-02-13T00:00:00
db: BID | id: 95410 | date: 2017-01-12T00:00:00
db: JVNDB | id: JVNDB-2017-001616 | date: 2017-03-08T00:00:00
db: CNNVD | id: CNNVD-201701-328 | date: 2017-01-13T00:00:00
db: NVD | id: CVE-2017-5154 | date: 2017-02-13T21:59:02.707