Details of VAR-201708-1124

ID

VAR-201708-1124

CVE

CVE-2017-12710

TITLE

Advantech WebAccess In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007575

DESCRIPTION

A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess. Authentication is required to exploit this vulnerability, but can be easily bypassed.The specific flaw exists within rmTemplate.aspx. The vulnerability is caused by lack of input validation before using a remotely supplied string to construct SQL queries. An attacker can use this vulnerability to disclose passwords of administrative accounts used by Advantech WebAccess. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and gain elevated privileges. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable

Trust: 3.33

sources: NVD: CVE-2017-12710 // JVNDB: JVNDB-2017-007575 // ZDI: ZDI-17-712 // CNVD: CNVD-2017-23886 // BID: 100526 // IVD: 526eff5a-fc92-4271-a592-23146544e85e // VULHUB: VHN-103260

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 526eff5a-fc92-4271-a592-23146544e85e // CNVD: CNVD-2017-23886

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lte	version:	8.2	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.2_20170817	Trust: 0.8
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess <v8.2 20170817	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	webaccess 8.2 20170330	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.1 20160519	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.0 20150816	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess 8.2 20170817	scope:	ne	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.1	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 526eff5a-fc92-4271-a592-23146544e85e // ZDI: ZDI-17-712 // CNVD: CNVD-2017-23886 // BID: 100526 // JVNDB: JVNDB-2017-007575 // CNNVD: CNNVD-201708-1277 // NVD: CVE-2017-12710

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12710
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12710
value:	HIGH
Trust: 0.8
ZDI:	CVE-2017-12710
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2017-23886
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-1277
value:	MEDIUM
Trust: 0.6
IVD:	526eff5a-fc92-4271-a592-23146544e85e
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-103260
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12710
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-12710
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2017-23886
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	526eff5a-fc92-4271-a592-23146544e85e
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-103260
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12710
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 526eff5a-fc92-4271-a592-23146544e85e // ZDI: ZDI-17-712 // CNVD: CNVD-2017-23886 // VULHUB: VHN-103260 // JVNDB: JVNDB-2017-007575 // CNNVD: CNNVD-201708-1277 // NVD: CVE-2017-12710

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-103260 // JVNDB: JVNDB-2017-007575 // NVD: CVE-2017-12710

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1277

TYPE

SQL injection

Trust: 0.8

sources: IVD: 526eff5a-fc92-4271-a592-23146544e85e // CNNVD: CNNVD-201708-1277

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007575

PATCH

title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02	Trust: 0.7
title:	Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2017-23886)	url:	https://www.cnvd.org.cn/patchInfo/show/101170	Trust: 0.6
title:	Advantech WebAccess SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74366	Trust: 0.6

sources: ZDI: ZDI-17-712 // CNVD: CNVD-2017-23886 // JVNDB: JVNDB-2017-007575 // CNNVD: CNNVD-201708-1277

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12710	Trust: 4.3
db:	ICS CERT	id:	ICSA-17-241-02	Trust: 3.4
db:	ZDI	id:	ZDI-17-712	Trust: 1.8
db:	BID	id:	100526	Trust: 1.4
db:	TENABLE	id:	TRA-2017-29	Trust: 1.1
db:	CNNVD	id:	CNNVD-201708-1277	Trust: 0.9
db:	CNVD	id:	CNVD-2017-23886	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007575	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4548	Trust: 0.7
db:	IVD	id:	526EFF5A-FC92-4271-A592-23146544E85E	Trust: 0.2
db:	VULHUB	id:	VHN-103260	Trust: 0.1

sources: IVD: 526eff5a-fc92-4271-a592-23146544e85e // ZDI: ZDI-17-712 // CNVD: CNVD-2017-23886 // VULHUB: VHN-103260 // BID: 100526 // JVNDB: JVNDB-2017-007575 // CNNVD: CNNVD-201708-1277 // NVD: CVE-2017-12710

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-241-02	Trust: 4.1
url:	http://www.securityfocus.com/bid/100526	Trust: 1.1
url:	http://www.zerodayinitiative.com/advisories/zdi-17-712/	Trust: 1.1
url:	https://www.tenable.com/security/research/tra-2017-29	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12710	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12710	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-17-712 // CNVD: CNVD-2017-23886 // VULHUB: VHN-103260 // BID: 100526 // JVNDB: JVNDB-2017-007575 // CNNVD: CNNVD-201708-1277 // NVD: CVE-2017-12710

CREDITS

Tenable Network Security

Trust: 0.7

sources: ZDI: ZDI-17-712

SOURCES

db:	IVD	id:	526eff5a-fc92-4271-a592-23146544e85e
db:	ZDI	id:	ZDI-17-712
db:	CNVD	id:	CNVD-2017-23886
db:	VULHUB	id:	VHN-103260
db:	BID	id:	100526
db:	JVNDB	id:	JVNDB-2017-007575
db:	CNNVD	id:	CNNVD-201708-1277
db:	NVD	id:	CVE-2017-12710

LAST UPDATE DATE

2024-08-14T13:29:58.375000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-712	date:	2017-08-30T00:00:00
db:	CNVD	id:	CNVD-2017-23886	date:	2017-09-04T00:00:00
db:	VULHUB	id:	VHN-103260	date:	2017-11-10T00:00:00
db:	BID	id:	100526	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-007575	date:	2017-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201708-1277	date:	2017-08-31T00:00:00
db:	NVD	id:	CVE-2017-12710	date:	2017-11-10T02:29:17.247

SOURCES RELEASE DATE

db:	IVD	id:	526eff5a-fc92-4271-a592-23146544e85e	date:	2017-08-30T00:00:00
db:	ZDI	id:	ZDI-17-712	date:	2017-08-30T00:00:00
db:	CNVD	id:	CNVD-2017-23886	date:	2017-08-30T00:00:00
db:	VULHUB	id:	VHN-103260	date:	2017-08-30T00:00:00
db:	BID	id:	100526	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-007575	date:	2017-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201708-1277	date:	2017-08-31T00:00:00
db:	NVD	id:	CVE-2017-12710	date:	2017-08-30T18:29:00.657