ID

VAR-201801-0138


CVE

CVE-2017-16716


TITLE

SQL Injection vulnerability in Advantech WebAccess

Trust: 0.8

sources: JVNDB: JVNDB-2017-011764

DESCRIPTION

A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. Advantech WebAccess contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within ChkAdminViewUsrPwd1, called from mailPg.asp. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of the web service.

Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment.

Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. Versions prior to Advantech WebAccess 8.3 are vulnerable.

Trust: 5.94

sources: NVD: CVE-2017-16716 // JVNDB: JVNDB-2017-011764 // ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // BID: 102424 // IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // VULHUB: VHN-107666 // VULMON: CVE-2017-16716

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // CNVD: CNVD-2018-00669

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: -, version: -

Trust: 3.5

vendor: advantech, model: webaccess, scope: lt, version: 8.3

Trust: 2.4

vendor: advantech, model: webaccess, scope: eq, version: 8.1

Trust: 0.9

vendor: advantech, model: webaccess, scope: eq, version: 7.2

Trust: 0.9

vendor: advantech, model: webaccess, scope: eq, version: 8.0

Trust: 0.6

vendor: advantech, model: webaccess 8.2 20170330, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 8.2

Trust: 0.3

vendor: advantech, model: webaccess 8.1 20160519, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess 8.0 20150816, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 8

Trust: 0.3

vendor: advantech, model: webaccess, scope: ne, version: 8.3

Trust: 0.3

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // BID: 102424 // JVNDB: JVNDB-2017-011764 // CNNVD: CNNVD-201801-244 // NVD: CVE-2017-16716

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-16716
value: MEDIUM

Trust: 3.5

nvd@nist.gov: CVE-2017-16716
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-16716
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-00669
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-244
value: HIGH

Trust: 0.6

IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-107666
value: HIGH

Trust: 0.1

VULMON: CVE-2017-16716
value: HIGH

Trust: 0.1

ZDI: CVE-2017-16716
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.5

nvd@nist.gov: CVE-2017-16716
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-00669
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-107666
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16716
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // VULHUB: VHN-107666 // VULMON: CVE-2017-16716 // JVNDB: JVNDB-2017-011764 // CNNVD: CNNVD-201801-244 // NVD: CVE-2017-16716

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-107666 // JVNDB: JVNDB-2017-011764 // NVD: CVE-2017-16716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-244

TYPE

SQL injection

Trust: 0.8

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // CNNVD: CNNVD-201801-244

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011764

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-107666 // VULMON: CVE-2017-16716

PATCH

title: Advantech has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02

Trust: 3.5

title: Advantech WebAccess
url: http://www.advantech.com/industrial-automation/webaccess

Trust: 0.8

title: Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2018-00669)
url: https://www.cnvd.org.cn/patchInfo/show/113117

Trust: 0.6

title: Advantech WebAccess SQL injection vulnerability repair measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77555

Trust: 0.6

title: Awesome CVE PoC
url: https://github.com/lnick2023/nicenice

Trust: 0.1

title: Awesome CVE PoC
url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title: Awesome CVE PoC
url: https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // VULMON: CVE-2017-16716 // JVNDB: JVNDB-2017-011764 // CNNVD: CNNVD-201801-244

EXTERNAL IDS

db: NVD, id: CVE-2017-16716

Trust: 7.2

db: BID, id: 102424

Trust: 3.5

db: ICS CERT, id: ICSA-18-004-02

Trust: 2.1

db: EXPLOIT-DB, id: 43928

Trust: 1.2

db: CNNVD, id: CNNVD-201801-244

Trust: 0.9

db: CNVD, id: CNVD-2018-00669

Trust: 0.8

db: ICS CERT, id: ICSA-18-004-02A

Trust: 0.8

db: JVNDB, id: JVNDB-2017-011764

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-4994

Trust: 0.7

db: ZDI, id: ZDI-18-026

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5398

Trust: 0.7

db: ZDI, id: ZDI-18-064

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5407

Trust: 0.7

db: ZDI, id: ZDI-18-065

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4995

Trust: 0.7

db: ZDI, id: ZDI-18-027

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4996

Trust: 0.7

db: ZDI, id: ZDI-18-028

Trust: 0.7

db: NSFOCUS, id: 38634

Trust: 0.6

db: IVD, id: E2E0B981-39AB-11E9-83BA-000C29342CB1

Trust: 0.2

db: PACKETSTORM, id: 146149

Trust: 0.1

db: VULHUB, id: VHN-107666

Trust: 0.1

db: VULMON, id: CVE-2017-16716

Trust: 0.1

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // VULHUB: VHN-107666 // VULMON: CVE-2017-16716 // BID: 102424 // JVNDB: JVNDB-2017-011764 // CNNVD: CNNVD-201801-244 // NVD: CVE-2017-16716

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-004-02

Trust: 5.6

url:http://www.securityfocus.com/bid/102424

Trust: 3.3

url:https://www.exploit-db.com/exploits/43928/

Trust: 1.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16716

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-16716

Trust: 0.8

url:http://www.nsfocus.net/vulndb/38634

Trust: 0.6

url:http://webaccess.advantech.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/qazbnm456/awesome-cve-poc

Trust: 0.1

sources: ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // VULHUB: VHN-107666 // VULMON: CVE-2017-16716 // BID: 102424 // JVNDB: JVNDB-2017-011764 // CNNVD: CNNVD-201801-244 // NVD: CVE-2017-16716

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 2.1

sources: ZDI: ZDI-18-026 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028

SOURCES

db: IVD, id: e2e0b981-39ab-11e9-83ba-000c29342cb1
db: ZDI, id: ZDI-18-026
db: ZDI, id: ZDI-18-064
db: ZDI, id: ZDI-18-065
db: ZDI, id: ZDI-18-027
db: ZDI, id: ZDI-18-028
db: CNVD, id: CNVD-2018-00669
db: VULHUB, id: VHN-107666
db: VULMON, id: CVE-2017-16716
db: BID, id: 102424
db: JVNDB, id: JVNDB-2017-011764
db: CNNVD, id: CNNVD-201801-244
db: NVD, id: CVE-2017-16716

LAST UPDATE DATE

2024-08-14T13:46:13.710000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-026, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-064, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-065, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-027, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-028, date: 2018-01-05T00:00:00
db: CNVD, id: CNVD-2018-00669, date: 2018-01-10T00:00:00
db: VULHUB, id: VHN-107666, date: 2018-02-02T00:00:00
db: VULMON, id: CVE-2017-16716, date: 2018-02-02T00:00:00
db: BID, id: 102424, date: 2018-01-04T00:00:00
db: JVNDB, id: JVNDB-2017-011764, date: 2018-04-03T00:00:00
db: CNNVD, id: CNNVD-201801-244, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2017-16716, date: 2018-02-02T02:29:01.137

SOURCES RELEASE DATE

db: IVD, id: e2e0b981-39ab-11e9-83ba-000c29342cb1, date: 2018-01-10T00:00:00
db: ZDI, id: ZDI-18-026, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-064, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-065, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-027, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-028, date: 2018-01-05T00:00:00
db: CNVD, id: CNVD-2018-00669, date: 2018-01-10T00:00:00
db: VULHUB, id: VHN-107666, date: 2018-01-05T00:00:00
db: VULMON, id: CVE-2017-16716, date: 2018-01-05T00:00:00
db: BID, id: 102424, date: 2018-01-04T00:00:00
db: JVNDB, id: JVNDB-2017-011764, date: 2018-01-25T00:00:00
db: CNNVD, id: CNNVD-201801-244, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2017-16716, date: 2018-01-05T08:29:00.267