Sign-up

ID

VAR-201801-0138


CVE

CVE-2017-16716


TITLE

Advantech WebAccess In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011764

DESCRIPTION

A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. Advantech WebAccess Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within ChkAdminViewUsrPwd1, called from mailPg.asp. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code under the context of the web service. Advantech WebAccess (formerly known as BroadWin WebAccess) is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable

Trust: 5.94

sources: NVD: CVE-2017-16716 // JVNDB: JVNDB-2017-011764 // ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // BID: 102424 // IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // VULHUB: VHN-107666 // VULMON: CVE-2017-16716

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // CNVD: CNVD-2018-00669

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope: - version: -

Trust: 3.5

vendor:advantechmodel:webaccessscope:ltversion:8.3

Trust: 2.4

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 0.9

vendor:advantechmodel:webaccessscope:eqversion:7.2

Trust: 0.9

vendor:advantechmodel:webaccessscope:eqversion:8.0

Trust: 0.6

vendor:advantechmodel:webaccess 8.2 20170330scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.2

Trust: 0.3

vendor:advantechmodel:webaccess 8.1 20160519scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccess 8.0 20150816scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.3

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // BID: 102424 // JVNDB: JVNDB-2017-011764 // CNNVD: CNNVD-201801-244 // NVD: CVE-2017-16716

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-16716
value: MEDIUM

Trust: 3.5

nvd@nist.gov: CVE-2017-16716
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-16716
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-00669
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-244
value: HIGH

Trust: 0.6

IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-107666
value: HIGH

Trust: 0.1

VULMON: CVE-2017-16716
value: HIGH

Trust: 0.1

ZDI: CVE-2017-16716
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.5

nvd@nist.gov: CVE-2017-16716
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-00669
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-107666
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16716
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // ZDI: ZDI-18-026 // ZDI: ZDI-18-064 // ZDI: ZDI-18-065 // ZDI: ZDI-18-027 // ZDI: ZDI-18-028 // CNVD: CNVD-2018-00669 // VULHUB: VHN-107666 // VULMON: CVE-2017-16716 // JVNDB: JVNDB-2017-011764 // CNNVD: CNNVD-201801-244 // NVD: CVE-2017-16716

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-107666 // JVNDB: JVNDB-2017-011764 // NVD: CVE-2017-16716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-244

TYPE

SQL injection

Trust: 0.8

sources: IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // CNNVD: CNNVD-201801-244

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-011764

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-107666 // 
            
            
            
            VULMON: CVE-2017-16716

PATCH
title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02
Trust: 3.5
title:Advantech WebAccessurl:http://www.advantech.com/industrial-automation/webaccess
Trust: 0.8
title:Patch for Advantech WebAccess SQL Injection Vulnerability (CNVD-2018-00669)url:https://www.cnvd.org.cn/patchInfo/show/113117
Trust: 0.6
title:Advantech WebAccess SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77555
Trust: 0.6
title:Awesome CVE PoCurl:https://github.com/lnick2023/nicenice 
Trust: 0.1
title:Awesome CVE PoCurl:https://github.com/xbl3/awesome-cve-poc_qazbnm456 
Trust: 0.1
title:Awesome CVE PoCurl:https://github.com/qazbnm456/awesome-cve-poc 
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-026 // 
            
            
            
            ZDI: ZDI-18-064 // 
            
            
            
            ZDI: ZDI-18-065 // 
            
            
            
            ZDI: ZDI-18-027 // 
            
            
            
            ZDI: ZDI-18-028 // 
            
            
            
            CNVD: CNVD-2018-00669 // 
            
            
            
            VULMON: CVE-2017-16716 // 
            
            
            
            JVNDB: JVNDB-2017-011764 // 
            
            
            
            CNNVD: CNNVD-201801-244

EXTERNAL IDS
db:NVDid:CVE-2017-16716
Trust: 7.2
db:BIDid:102424
Trust: 3.5
db:ICS CERTid:ICSA-18-004-02
Trust: 2.1
db:EXPLOIT-DBid:43928
Trust: 1.2
db:CNNVDid:CNNVD-201801-244
Trust: 0.9
db:CNVDid:CNVD-2018-00669
Trust: 0.8
db:ICS CERTid:ICSA-18-004-02A
Trust: 0.8
db:JVNDBid:JVNDB-2017-011764
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-4994
Trust: 0.7
db:ZDIid:ZDI-18-026
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5398
Trust: 0.7
db:ZDIid:ZDI-18-064
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5407
Trust: 0.7
db:ZDIid:ZDI-18-065
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-4995
Trust: 0.7
db:ZDIid:ZDI-18-027
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-4996
Trust: 0.7
db:ZDIid:ZDI-18-028
Trust: 0.7
db:NSFOCUSid:38634
Trust: 0.6
db:IVDid:E2E0B981-39AB-11E9-83BA-000C29342CB1
Trust: 0.2
db:PACKETSTORMid:146149
Trust: 0.1
db:VULHUBid:VHN-107666
Trust: 0.1
db:VULMONid:CVE-2017-16716
Trust: 0.1
sources:
            
            
            IVD: e2e0b981-39ab-11e9-83ba-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-026 // 
            
            
            
            ZDI: ZDI-18-064 // 
            
            
            
            ZDI: ZDI-18-065 // 
            
            
            
            ZDI: ZDI-18-027 // 
            
            
            
            ZDI: ZDI-18-028 // 
            
            
            
            CNVD: CNVD-2018-00669 // 
            
            
            
            VULHUB: VHN-107666 // 
            
            
            
            VULMON: CVE-2017-16716 // 
            
            
            
            BID: 102424 // 
            
            
            
            JVNDB: JVNDB-2017-011764 // 
            
            
            
            CNNVD: CNNVD-201801-244 // 
            
            
            
            NVD: CVE-2017-16716

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-004-02
Trust: 5.6
url:http://www.securityfocus.com/bid/102424
Trust: 3.3
url:https://www.exploit-db.com/exploits/43928/
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16716
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-16716
Trust: 0.8
url:http://www.nsfocus.net/vulndb/38634
Trust: 0.6
url:http://webaccess.advantech.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/89.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/qazbnm456/awesome-cve-poc
Trust: 0.1
sources:
            
            
            ZDI: ZDI-18-026 // 
            
            
            
            ZDI: ZDI-18-064 // 
            
            
            
            ZDI: ZDI-18-065 // 
            
            
            
            ZDI: ZDI-18-027 // 
            
            
            
            ZDI: ZDI-18-028 // 
            
            
            
            CNVD: CNVD-2018-00669 // 
            
            
            
            VULHUB: VHN-107666 // 
            
            
            
            VULMON: CVE-2017-16716 // 
            
            
            
            BID: 102424 // 
            
            
            
            JVNDB: JVNDB-2017-011764 // 
            
            
            
            CNNVD: CNNVD-201801-244 // 
            
            
            
            NVD: CVE-2017-16716

CREDITS
Steven Seeley (mr_me) of Offensive Security
Trust: 2.1
sources:
            
            
            ZDI: ZDI-18-026 // 
            
            
            
            ZDI: ZDI-18-027 // 
            
            
            
            ZDI: ZDI-18-028

SOURCES
db:IVDid:e2e0b981-39ab-11e9-83ba-000c29342cb1
db:ZDIid:ZDI-18-026
db:ZDIid:ZDI-18-064
db:ZDIid:ZDI-18-065
db:ZDIid:ZDI-18-027
db:ZDIid:ZDI-18-028
db:CNVDid:CNVD-2018-00669
db:VULHUBid:VHN-107666
db:VULMONid:CVE-2017-16716
db:BIDid:102424
db:JVNDBid:JVNDB-2017-011764
db:CNNVDid:CNNVD-201801-244
db:NVDid:CVE-2017-16716

LAST UPDATE DATE
2024-08-14T13:46:13.710000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-026date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-064date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-065date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-027date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-028date:2018-01-05T00:00:00
db:CNVDid:CNVD-2018-00669date:2018-01-10T00:00:00
db:VULHUBid:VHN-107666date:2018-02-02T00:00:00
db:VULMONid:CVE-2017-16716date:2018-02-02T00:00:00
db:BIDid:102424date:2018-01-04T00:00:00
db:JVNDBid:JVNDB-2017-011764date:2018-04-03T00:00:00
db:CNNVDid:CNNVD-201801-244date:2018-01-08T00:00:00
db:NVDid:CVE-2017-16716date:2018-02-02T02:29:01.137

SOURCES RELEASE DATE
db:IVDid:e2e0b981-39ab-11e9-83ba-000c29342cb1date:2018-01-10T00:00:00
db:ZDIid:ZDI-18-026date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-064date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-065date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-027date:2018-01-05T00:00:00
db:ZDIid:ZDI-18-028date:2018-01-05T00:00:00
db:CNVDid:CNVD-2018-00669date:2018-01-10T00:00:00
db:VULHUBid:VHN-107666date:2018-01-05T00:00:00
db:VULMONid:CVE-2017-16716date:2018-01-05T00:00:00
db:BIDid:102424date:2018-01-04T00:00:00
db:JVNDBid:JVNDB-2017-011764date:2018-01-25T00:00:00
db:CNNVDid:CNNVD-201801-244date:2018-01-08T00:00:00
db:NVDid:CVE-2017-16716date:2018-01-05T08:29:00.267