ID

VAR-201801-0152


CVE

CVE-2017-16728


TITLE

Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-012 // ZDI: ZDI-18-015

DESCRIPTION

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27eb IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3.

Trust: 10.53

sources: NVD: CVE-2017-16728 // ZDI: ZDI-18-018 // ZDI: ZDI-18-015 // ZDI: ZDI-18-034 // ZDI: ZDI-18-029 // ZDI: ZDI-18-022 // ZDI: ZDI-18-033 // ZDI: ZDI-18-035 // ZDI: ZDI-18-021 // ZDI: ZDI-18-057 // ZDI: ZDI-18-031 // ZDI: ZDI-18-039 // ZDI: ZDI-18-038 // ZDI: ZDI-18-020 // ZDI: ZDI-18-012 // CNVD: CNVD-2018-00673 // IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // VULHUB: VHN-107679

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNVD: CNVD-2018-00673

AFFECTED PRODUCTS

vendor: advantech model: webaccess scope: - version: -

Trust: 9.8

vendor: advantech model: webaccess scope: lt version: 8.3

Trust: 1.6

vendor: advantech model: webaccess scope: eq version: 8.1

Trust: 0.6

vendor: advantech model: webaccess scope: eq version: 7.2

Trust: 0.6

vendor: advantech model: webaccess scope: eq version: 8.0

Trust: 0.6

vendor: webaccess model: - scope: eq version: *

Trust: 0.2

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-057 // ZDI: ZDI-18-018 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-022 // ZDI: ZDI-18-029 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // CNVD: CNVD-2018-00673 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-16728
value: MEDIUM

Trust: 9.1

nvd@nist.gov: CVE-2017-16728
value: HIGH

Trust: 1.0

ZDI: CVE-2017-16728
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-00673
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-241
value: HIGH

Trust: 0.6

IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-107679
value: MEDIUM

Trust: 0.1

ZDI: CVE-2017-16728
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 9.1

nvd@nist.gov: CVE-2017-16728
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

ZDI: CVE-2017-16728
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-00673
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-107679
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16728
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-057 // ZDI: ZDI-18-018 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-022 // ZDI: ZDI-18-029 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // CNVD: CNVD-2018-00673 // VULHUB: VHN-107679 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.1

problemtype:CWE-822

Trust: 1.0

sources: VULHUB: VHN-107679 // NVD: CVE-2017-16728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-241

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNNVD: CNNVD-201801-241

PATCH

title: Advantech has issued an update to correct this vulnerability. url: https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02

Trust: 9.8

title: Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673) url: https://www.cnvd.org.cn/patchInfo/show/113125

Trust: 0.6

title: Advantech WebAccess Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77552

Trust: 0.6

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-057 // ZDI: ZDI-18-018 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-022 // ZDI: ZDI-18-029 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // CNVD: CNVD-2018-00673 // CNNVD: CNNVD-201801-241

EXTERNAL IDS

db: NVD id: CVE-2017-16728

Trust: 12.3

db: BID id: 102424

Trust: 2.3

db: ICS CERT id: ICSA-18-004-02

Trust: 1.7

db: CNNVD id: CNNVD-201801-241

Trust: 0.9

db: CNVD id: CNVD-2018-00673

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-5003

Trust: 0.7

db: ZDI id: ZDI-18-035

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4959

Trust: 0.7

db: ZDI id: ZDI-18-012

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4973

Trust: 0.7

db: ZDI id: ZDI-18-020

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-5006

Trust: 0.7

db: ZDI id: ZDI-18-038

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-5007

Trust: 0.7

db: ZDI id: ZDI-18-039

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4999

Trust: 0.7

db: ZDI id: ZDI-18-031

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-5060

Trust: 0.7

db: ZDI id: ZDI-18-057

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4965

Trust: 0.7

db: ZDI id: ZDI-18-018

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4974

Trust: 0.7

db: ZDI id: ZDI-18-021

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-5001

Trust: 0.7

db: ZDI id: ZDI-18-033

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4975

Trust: 0.7

db: ZDI id: ZDI-18-022

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4997

Trust: 0.7

db: ZDI id: ZDI-18-029

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-5002

Trust: 0.7

db: ZDI id: ZDI-18-034

Trust: 0.7

db: ZDI_CAN id: ZDI-CAN-4962

Trust: 0.7

db: ZDI id: ZDI-18-015

Trust: 0.7

db: IVD id: E2E1079E-39AB-11E9-9B2B-000C29342CB1

Trust: 0.2

db: VULHUB id: VHN-107679

Trust: 0.1

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-057 // ZDI: ZDI-18-018 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-022 // ZDI: ZDI-18-029 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // CNVD: CNVD-2018-00673 // VULHUB: VHN-107679 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-004-02

Trust: 11.5

url: http://www.securityfocus.com/bid/102424

Trust: 2.3

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-057 // ZDI: ZDI-18-018 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-022 // ZDI: ZDI-18-029 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015 // CNVD: CNVD-2018-00673 // VULHUB: VHN-107679 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 9.8

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-057 // ZDI: ZDI-18-018 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-022 // ZDI: ZDI-18-029 // ZDI: ZDI-18-034 // ZDI: ZDI-18-015

SOURCES

db: IVD id: e2e1079e-39ab-11e9-9b2b-000c29342cb1
db: ZDI id: ZDI-18-035
db: ZDI id: ZDI-18-012
db: ZDI id: ZDI-18-020
db: ZDI id: ZDI-18-038
db: ZDI id: ZDI-18-039
db: ZDI id: ZDI-18-031
db: ZDI id: ZDI-18-057
db: ZDI id: ZDI-18-018
db: ZDI id: ZDI-18-021
db: ZDI id: ZDI-18-033
db: ZDI id: ZDI-18-022
db: ZDI id: ZDI-18-029
db: ZDI id: ZDI-18-034
db: ZDI id: ZDI-18-015
db: CNVD id: CNVD-2018-00673
db: VULHUB id: VHN-107679
db: CNNVD id: CNNVD-201801-241
db: NVD id: CVE-2017-16728

LAST UPDATE DATE

2024-11-07T22:19:26.625000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-18-035 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-012 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-020 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-038 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-039 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-031 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-057 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-018 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-021 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-033 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-022 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-029 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-034 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-015 date: 2018-01-05T00:00:00
db: CNVD id: CNVD-2018-00673 date: 2018-01-10T00:00:00
db: VULHUB id: VHN-107679 date: 2019-10-09T00:00:00
db: CNNVD id: CNNVD-201801-241 date: 2019-10-17T00:00:00
db: NVD id: CVE-2017-16728 date: 2019-10-09T23:25:15.270

SOURCES RELEASE DATE

db: IVD id: e2e1079e-39ab-11e9-9b2b-000c29342cb1 date: 2018-01-10T00:00:00
db: ZDI id: ZDI-18-035 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-012 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-020 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-038 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-039 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-031 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-057 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-018 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-021 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-033 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-022 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-029 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-034 date: 2018-01-05T00:00:00
db: ZDI id: ZDI-18-015 date: 2018-01-05T00:00:00
db: CNVD id: CNVD-2018-00673 date: 2018-01-10T00:00:00
db: VULHUB id: VHN-107679 date: 2018-01-05T00:00:00
db: CNNVD id: CNNVD-201801-241 date: 2018-01-08T00:00:00
db: NVD id: CVE-2017-16728 date: 2018-01-05T08:29:00.393