Details of VAR-201711-0754

ID

VAR-201711-0754

CVE

CVE-2017-12719

TITLE

Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-17-939 // ZDI: ZDI-17-940

DESCRIPTION

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. Advantech WebAccess Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2723 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to multiple remote code-execution vulnerabilities. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Advantech WebAccess 8.2_20170817 are vulnerable

Trust: 3.96

sources: NVD: CVE-2017-12719 // JVNDB: JVNDB-2017-009931 // ZDI: ZDI-17-939 // ZDI: ZDI-17-940 // CNVD: CNVD-2017-32564 // BID: 101685 // IVD: 324aeb72-83a5-4ec9-8bfb-77e3df73ed3a // VULHUB: VHN-103269

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 324aeb72-83a5-4ec9-8bfb-77e3df73ed3a // CNVD: CNVD-2017-32564

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lt	version:	8.2_20170817	Trust: 1.8
vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 1.4
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.9
vendor:	advantech	model:	webaccess <v8.2 20170817	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess 8.2 20170330	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess 8.1 20160519	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.0 20150816	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess 8.2 20170817	scope:	ne	version:	-	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 324aeb72-83a5-4ec9-8bfb-77e3df73ed3a // ZDI: ZDI-17-939 // ZDI: ZDI-17-940 // CNVD: CNVD-2017-32564 // BID: 101685 // JVNDB: JVNDB-2017-009931 // CNNVD: CNNVD-201711-170 // NVD: CVE-2017-12719

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2017-12719
value:	MEDIUM
Trust: 1.4
nvd@nist.gov:	CVE-2017-12719
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12719
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-32564
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201711-170
value:	HIGH
Trust: 0.6
IVD:	324aeb72-83a5-4ec9-8bfb-77e3df73ed3a
value:	HIGH
Trust: 0.2
VULHUB:	VHN-103269
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12719
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-12719
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
CNVD:	CNVD-2017-32564
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	324aeb72-83a5-4ec9-8bfb-77e3df73ed3a
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-103269
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12719
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 324aeb72-83a5-4ec9-8bfb-77e3df73ed3a // ZDI: ZDI-17-939 // ZDI: ZDI-17-940 // CNVD: CNVD-2017-32564 // VULHUB: VHN-103269 // JVNDB: JVNDB-2017-009931 // CNNVD: CNNVD-201711-170 // NVD: CVE-2017-12719

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.9
problemtype:	CWE-822	Trust: 1.0

sources: VULHUB: VHN-103269 // JVNDB: JVNDB-2017-009931 // NVD: CVE-2017-12719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-170

TYPE

Code problem

Trust: 0.8

sources: IVD: 324aeb72-83a5-4ec9-8bfb-77e3df73ed3a // CNNVD: CNNVD-201711-170

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009931

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-17-306-02	Trust: 1.4
title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Advantech WebAccess Pointer Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/105314	Trust: 0.6
title:	Advantech WebAccess Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76156	Trust: 0.6

sources: ZDI: ZDI-17-939 // ZDI: ZDI-17-940 // CNVD: CNVD-2017-32564 // JVNDB: JVNDB-2017-009931 // CNNVD: CNNVD-201711-170

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12719	Trust: 5.0
db:	ICS CERT	id:	ICSA-17-306-02	Trust: 3.4
db:	BID	id:	101685	Trust: 2.0
db:	CNNVD	id:	CNNVD-201711-170	Trust: 0.9
db:	CNVD	id:	CNVD-2017-32564	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-009931	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4950	Trust: 0.7
db:	ZDI	id:	ZDI-17-939	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4951	Trust: 0.7
db:	ZDI	id:	ZDI-17-940	Trust: 0.7
db:	IVD	id:	324AEB72-83A5-4EC9-8BFB-77E3DF73ED3A	Trust: 0.2
db:	VULHUB	id:	VHN-103269	Trust: 0.1

sources: IVD: 324aeb72-83a5-4ec9-8bfb-77e3df73ed3a // ZDI: ZDI-17-939 // ZDI: ZDI-17-940 // CNVD: CNVD-2017-32564 // VULHUB: VHN-103269 // BID: 101685 // JVNDB: JVNDB-2017-009931 // CNNVD: CNNVD-201711-170 // NVD: CVE-2017-12719

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-306-02	Trust: 4.8
url:	http://www.securityfocus.com/bid/101685	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12719	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12719	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-17-939 // ZDI: ZDI-17-940 // CNVD: CNVD-2017-32564 // VULHUB: VHN-103269 // BID: 101685 // JVNDB: JVNDB-2017-009931 // CNNVD: CNNVD-201711-170 // NVD: CVE-2017-12719

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 1.4

sources: ZDI: ZDI-17-939 // ZDI: ZDI-17-940

SOURCES

db:	IVD	id:	324aeb72-83a5-4ec9-8bfb-77e3df73ed3a
db:	ZDI	id:	ZDI-17-939
db:	ZDI	id:	ZDI-17-940
db:	CNVD	id:	CNVD-2017-32564
db:	VULHUB	id:	VHN-103269
db:	BID	id:	101685
db:	JVNDB	id:	JVNDB-2017-009931
db:	CNNVD	id:	CNNVD-201711-170
db:	NVD	id:	CVE-2017-12719

LAST UPDATE DATE

2024-08-14T13:29:33.516000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-17-939	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-940	date:	2017-12-06T00:00:00
db:	CNVD	id:	CNVD-2017-32564	date:	2017-11-03T00:00:00
db:	VULHUB	id:	VHN-103269	date:	2019-10-09T00:00:00
db:	BID	id:	101685	date:	2017-12-19T22:36:00
db:	JVNDB	id:	JVNDB-2017-009931	date:	2017-12-28T00:00:00
db:	CNNVD	id:	CNNVD-201711-170	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12719	date:	2019-10-09T23:23:12.387

SOURCES RELEASE DATE

db:	IVD	id:	324aeb72-83a5-4ec9-8bfb-77e3df73ed3a	date:	2017-11-03T00:00:00
db:	ZDI	id:	ZDI-17-939	date:	2017-12-06T00:00:00
db:	ZDI	id:	ZDI-17-940	date:	2017-12-06T00:00:00
db:	CNVD	id:	CNVD-2017-32564	date:	2017-11-03T00:00:00
db:	VULHUB	id:	VHN-103269	date:	2017-11-06T00:00:00
db:	BID	id:	101685	date:	2017-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2017-009931	date:	2017-11-29T00:00:00
db:	CNNVD	id:	CNNVD-201711-170	date:	2017-11-06T00:00:00
db:	NVD	id:	CVE-2017-12719	date:	2017-11-06T22:29:00.193