Details of VAR-201711-0409

ID

VAR-201711-0409

CVE

CVE-2017-14016

TITLE

Advantech WebAccess Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-009932 // CNNVD: CNNVD-201708-1259

DESCRIPTION

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within implementation of the 0x138bd IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Advantech WebAccess 8.2_20170817 are vulnerable

Trust: 3.33

sources: NVD: CVE-2017-14016 // JVNDB: JVNDB-2017-009932 // ZDI: ZDI-17-938 // CNVD: CNVD-2017-32562 // BID: 101685 // IVD: ae88e8ae-b267-4e99-bfac-8a81bbb4590a // VULHUB: VHN-104696

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: ae88e8ae-b267-4e99-bfac-8a81bbb4590a // CNVD: CNVD-2017-32562

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lt	version:	8.2_20170817	Trust: 1.8
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess <v8.2 20170817	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess 8.2 20170330	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess 8.1 20160519	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.0 20150816	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess 8.2 20170817	scope:	ne	version:	-	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: ae88e8ae-b267-4e99-bfac-8a81bbb4590a // ZDI: ZDI-17-938 // CNVD: CNVD-2017-32562 // BID: 101685 // JVNDB: JVNDB-2017-009932 // CNNVD: CNNVD-201708-1259 // NVD: CVE-2017-14016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-14016
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-14016
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2017-14016
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2017-32562
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201708-1259
value:	MEDIUM
Trust: 0.6
IVD:	ae88e8ae-b267-4e99-bfac-8a81bbb4590a
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-104696
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-14016
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.5
CNVD:	CNVD-2017-32562
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ae88e8ae-b267-4e99-bfac-8a81bbb4590a
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-104696
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-14016
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 1.8

sources: IVD: ae88e8ae-b267-4e99-bfac-8a81bbb4590a // ZDI: ZDI-17-938 // CNVD: CNVD-2017-32562 // VULHUB: VHN-104696 // JVNDB: JVNDB-2017-009932 // CNNVD: CNNVD-201708-1259 // NVD: CVE-2017-14016

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.9
problemtype:	CWE-121	Trust: 1.0

sources: VULHUB: VHN-104696 // JVNDB: JVNDB-2017-009932 // NVD: CVE-2017-14016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1259

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: ae88e8ae-b267-4e99-bfac-8a81bbb4590a // CNNVD: CNNVD-201708-1259

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009932

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-104696

PATCH

title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02	Trust: 0.7
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/105309	Trust: 0.6
title:	Advantech WebAccess Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75601	Trust: 0.6

sources: ZDI: ZDI-17-938 // CNVD: CNVD-2017-32562 // JVNDB: JVNDB-2017-009932 // CNNVD: CNNVD-201708-1259

EXTERNAL IDS

db:	NVD	id:	CVE-2017-14016	Trust: 4.3
db:	ICS CERT	id:	ICSA-17-306-02	Trust: 3.4
db:	BID	id:	101685	Trust: 1.4
db:	EXPLOIT-DB	id:	43340	Trust: 1.1
db:	CNNVD	id:	CNNVD-201708-1259	Trust: 0.9
db:	CNVD	id:	CNVD-2017-32562	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009932	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4949	Trust: 0.7
db:	ZDI	id:	ZDI-17-938	Trust: 0.7
db:	IVD	id:	AE88E8AE-B267-4E99-BFAC-8A81BBB4590A	Trust: 0.2
db:	PACKETSTORM	id:	145401	Trust: 0.1
db:	VULHUB	id:	VHN-104696	Trust: 0.1

sources: IVD: ae88e8ae-b267-4e99-bfac-8a81bbb4590a // ZDI: ZDI-17-938 // CNVD: CNVD-2017-32562 // VULHUB: VHN-104696 // BID: 101685 // JVNDB: JVNDB-2017-009932 // CNNVD: CNNVD-201708-1259 // NVD: CVE-2017-14016

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-306-02	Trust: 4.1
url:	http://www.securityfocus.com/bid/101685	Trust: 1.1
url:	https://www.exploit-db.com/exploits/43340/	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14016	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-14016	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-17-938 // CNVD: CNVD-2017-32562 // VULHUB: VHN-104696 // BID: 101685 // JVNDB: JVNDB-2017-009932 // CNNVD: CNNVD-201708-1259 // NVD: CVE-2017-14016

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 0.7

sources: ZDI: ZDI-17-938

SOURCES

db:	IVD	id:	ae88e8ae-b267-4e99-bfac-8a81bbb4590a
db:	ZDI	id:	ZDI-17-938
db:	CNVD	id:	CNVD-2017-32562
db:	VULHUB	id:	VHN-104696
db:	BID	id:	101685
db:	JVNDB	id:	JVNDB-2017-009932
db:	CNNVD	id:	CNNVD-201708-1259
db:	NVD	id:	CVE-2017-14016

LAST UPDATE DATE

2024-08-14T13:29:33.568000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-938	date:	2017-12-06T00:00:00
db:	CNVD	id:	CNVD-2017-32562	date:	2017-11-03T00:00:00
db:	VULHUB	id:	VHN-104696	date:	2017-12-20T00:00:00
db:	BID	id:	101685	date:	2017-12-19T22:36:00
db:	JVNDB	id:	JVNDB-2017-009932	date:	2017-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201708-1259	date:	2017-11-09T00:00:00
db:	NVD	id:	CVE-2017-14016	date:	2017-12-20T02:29:03.410

SOURCES RELEASE DATE

db:	IVD	id:	ae88e8ae-b267-4e99-bfac-8a81bbb4590a	date:	2017-11-03T00:00:00
db:	ZDI	id:	ZDI-17-938	date:	2017-12-06T00:00:00
db:	CNVD	id:	CNVD-2017-32562	date:	2017-11-03T00:00:00
db:	VULHUB	id:	VHN-104696	date:	2017-11-06T00:00:00
db:	BID	id:	101685	date:	2017-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-009932	date:	2017-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201708-1259	date:	2017-11-02T00:00:00
db:	NVD	id:	CVE-2017-14016	date:	2017-11-06T22:29:00.240