Details of VAR-201708-1126

ID

VAR-201708-1126

CVE

CVE-2017-12713

TITLE

Advantech WebAccess Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-007577

DESCRIPTION

An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. Advantech WebAccess Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple heap-based buffer-overflow vulnerabilities. 3. Multiple memory-corruption vulnerabilities. 4. An SQL-injection vulnerability. 5. A format-string vulnerability. 6. An authentication-bypass vulnerability. 7. A security-bypass vulnerability. 8. A privilege-escalation vulnerability. 9. A remote-code execution vulnerability. This may aid in further attacks. Advantech WebAccess versions prior to V8.2_20170817 are vulnerable

Trust: 3.33

sources: NVD: CVE-2017-12713 // JVNDB: JVNDB-2017-007577 // ZDI: ZDI-17-713 // CNVD: CNVD-2017-23880 // BID: 100526 // IVD: 2f47a910-cf77-46d0-b79d-4a34cb7b5c3f // VULHUB: VHN-103263

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2f47a910-cf77-46d0-b79d-4a34cb7b5c3f // CNVD: CNVD-2017-23880

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lte	version:	8.2	Trust: 1.0
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.2_20170817	Trust: 0.8
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess <v8.2 20170817	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	webaccess 8.2 20170330	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.1 20160519	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.0 20150816	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess 8.2 20170817	scope:	ne	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.1	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 2f47a910-cf77-46d0-b79d-4a34cb7b5c3f // ZDI: ZDI-17-713 // CNVD: CNVD-2017-23880 // BID: 100526 // JVNDB: JVNDB-2017-007577 // CNNVD: CNNVD-201708-1275 // NVD: CVE-2017-12713

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12713
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12713
value:	HIGH
Trust: 0.8
ZDI:	CVE-2017-12713
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2017-23880
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201708-1275
value:	HIGH
Trust: 0.6
IVD:	2f47a910-cf77-46d0-b79d-4a34cb7b5c3f
value:	HIGH
Trust: 0.2
VULHUB:	VHN-103263
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12713
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-12713
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2017-23880
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2f47a910-cf77-46d0-b79d-4a34cb7b5c3f
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-103263
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12713
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 2f47a910-cf77-46d0-b79d-4a34cb7b5c3f // ZDI: ZDI-17-713 // CNVD: CNVD-2017-23880 // VULHUB: VHN-103263 // JVNDB: JVNDB-2017-007577 // CNNVD: CNNVD-201708-1275 // NVD: CVE-2017-12713

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-103263 // JVNDB: JVNDB-2017-007577 // NVD: CVE-2017-12713

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201708-1275

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201708-1275

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007577

PATCH

title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-17-241-02	Trust: 0.7
title:	Advantech WebAccess is not authorized to patch vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/101164	Trust: 0.6
title:	Advantech WebAccess Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74364	Trust: 0.6

sources: ZDI: ZDI-17-713 // CNVD: CNVD-2017-23880 // JVNDB: JVNDB-2017-007577 // CNNVD: CNNVD-201708-1275

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12713	Trust: 4.3
db:	ICS CERT	id:	ICSA-17-241-02	Trust: 3.4
db:	BID	id:	100526	Trust: 2.0
db:	CNNVD	id:	CNNVD-201708-1275	Trust: 0.9
db:	CNVD	id:	CNVD-2017-23880	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-007577	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4897	Trust: 0.7
db:	ZDI	id:	ZDI-17-713	Trust: 0.7
db:	IVD	id:	2F47A910-CF77-46D0-B79D-4A34CB7B5C3F	Trust: 0.2
db:	VULHUB	id:	VHN-103263	Trust: 0.1

sources: IVD: 2f47a910-cf77-46d0-b79d-4a34cb7b5c3f // ZDI: ZDI-17-713 // CNVD: CNVD-2017-23880 // VULHUB: VHN-103263 // BID: 100526 // JVNDB: JVNDB-2017-007577 // CNNVD: CNNVD-201708-1275 // NVD: CVE-2017-12713

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-241-02	Trust: 4.1
url:	http://www.securityfocus.com/bid/100526	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12713	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12713	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-17-713 // CNVD: CNVD-2017-23880 // VULHUB: VHN-103263 // BID: 100526 // JVNDB: JVNDB-2017-007577 // CNNVD: CNNVD-201708-1275 // NVD: CVE-2017-12713

CREDITS

Fritz Sands - Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-17-713

SOURCES

db:	IVD	id:	2f47a910-cf77-46d0-b79d-4a34cb7b5c3f
db:	ZDI	id:	ZDI-17-713
db:	CNVD	id:	CNVD-2017-23880
db:	VULHUB	id:	VHN-103263
db:	BID	id:	100526
db:	JVNDB	id:	JVNDB-2017-007577
db:	CNNVD	id:	CNNVD-201708-1275
db:	NVD	id:	CVE-2017-12713

LAST UPDATE DATE

2024-08-14T13:29:58.461000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-713	date:	2017-08-30T00:00:00
db:	CNVD	id:	CNVD-2017-23880	date:	2017-08-30T00:00:00
db:	VULHUB	id:	VHN-103263	date:	2019-10-09T00:00:00
db:	BID	id:	100526	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-007577	date:	2017-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201708-1275	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12713	date:	2019-10-09T23:23:11.373

SOURCES RELEASE DATE

db:	IVD	id:	2f47a910-cf77-46d0-b79d-4a34cb7b5c3f	date:	2017-08-30T00:00:00
db:	ZDI	id:	ZDI-17-713	date:	2017-08-30T00:00:00
db:	CNVD	id:	CNVD-2017-23880	date:	2017-08-30T00:00:00
db:	VULHUB	id:	VHN-103263	date:	2017-08-30T00:00:00
db:	BID	id:	100526	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-007577	date:	2017-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201708-1275	date:	2017-08-31T00:00:00
db:	NVD	id:	CVE-2017-12713	date:	2017-08-30T18:29:00.967