ID

VAR-201801-0152


CVE

CVE-2017-16728


TITLE

Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-012 // ZDI: ZDI-18-009

DESCRIPTION

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x27e7 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator.

Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3.

Advantech WebAccess is prone to the following security vulnerabilities:
1. Multiple denial-of-service vulnerabilities
2. Multiple stack-based buffer-overflow vulnerabilities
3. A directory-traversal vulnerability
4. An SQL-injection vulnerability
5. Multiple denial-of-service vulnerabilities

An attacker can exploit these issues to execute arbitrary code in the context of the application, modify data, exploit latent vulnerabilities in the underlying database, perform certain unauthorized actions, gain unauthorized access and obtain sensitive information.

Trust: 10.71

sources: NVD: CVE-2017-16728 // ZDI: ZDI-18-018 // ZDI: ZDI-18-032 // ZDI: ZDI-18-037 // ZDI: ZDI-18-009 // ZDI: ZDI-18-034 // ZDI: ZDI-18-033 // ZDI: ZDI-18-035 // ZDI: ZDI-18-011 // ZDI: ZDI-18-059 // ZDI: ZDI-18-031 // ZDI: ZDI-18-039 // ZDI: ZDI-18-038 // ZDI: ZDI-18-020 // ZDI: ZDI-18-012 // CNVD: CNVD-2018-00673 // BID: 102424 // IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNVD: CNVD-2018-00673

AFFECTED PRODUCTS

vendor: advantech, model: webaccess, scope: -, version: -

Trust: 9.8

vendor: advantech, model: webaccess, scope: lt, version: 8.3

Trust: 1.6

vendor: advantech, model: webaccess, scope: eq, version: 8.1

Trust: 0.9

vendor: advantech, model: webaccess, scope: eq, version: 7.2

Trust: 0.9

vendor: advantech, model: webaccess, scope: eq, version: 8.0

Trust: 0.6

vendor: advantech, model: webaccess 8.2 20170330, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 8.2

Trust: 0.3

vendor: advantech, model: webaccess 8.1 20160519, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess 8.0 20150816, scope: -, version: -

Trust: 0.3

vendor: advantech, model: webaccess, scope: eq, version: 8

Trust: 0.3

vendor: advantech, model: webaccess, scope: ne, version: 8.3

Trust: 0.3

vendor: webaccess, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // BID: 102424 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2017-16728
value: MEDIUM

Trust: 9.1

nvd@nist.gov: CVE-2017-16728
value: HIGH

Trust: 1.0

ZDI: CVE-2017-16728
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-00673
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-241
value: HIGH

Trust: 0.6

IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1
value: HIGH

Trust: 0.2

ZDI: CVE-2017-16728
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 9.1

nvd@nist.gov: CVE-2017-16728
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

ZDI: CVE-2017-16728
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-00673
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-16728
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:CWE-822

Trust: 1.0

sources: NVD: CVE-2017-16728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-241

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNNVD: CNNVD-201801-241

PATCH

title: Advantech has issued an update to correct this vulnerability.
url: https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02

Trust: 9.8

title: Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673)
url: https://www.cnvd.org.cn/patchInfo/show/113125

Trust: 0.6

title: Advantech WebAccess Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77552

Trust: 0.6

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // CNNVD: CNNVD-201801-241

EXTERNAL IDS

db: NVD, id: CVE-2017-16728

Trust: 12.5

db: BID, id: 102424

Trust: 2.5

db: ICS CERT, id: ICSA-18-004-02

Trust: 1.9

db: CNVD, id: CNVD-2018-00673

Trust: 0.8

db: CNNVD, id: CNNVD-201801-241

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-5003

Trust: 0.7

db: ZDI, id: ZDI-18-035

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4959

Trust: 0.7

db: ZDI, id: ZDI-18-012

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4973

Trust: 0.7

db: ZDI, id: ZDI-18-020

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5006

Trust: 0.7

db: ZDI, id: ZDI-18-038

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5007

Trust: 0.7

db: ZDI, id: ZDI-18-039

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4999

Trust: 0.7

db: ZDI, id: ZDI-18-031

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5062

Trust: 0.7

db: ZDI, id: ZDI-18-059

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4965

Trust: 0.7

db: ZDI, id: ZDI-18-018

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4958

Trust: 0.7

db: ZDI, id: ZDI-18-011

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5001

Trust: 0.7

db: ZDI, id: ZDI-18-033

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5002

Trust: 0.7

db: ZDI, id: ZDI-18-034

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-4952

Trust: 0.7

db: ZDI, id: ZDI-18-009

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5005

Trust: 0.7

db: ZDI, id: ZDI-18-037

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-5000

Trust: 0.7

db: ZDI, id: ZDI-18-032

Trust: 0.7

db: IVD, id: E2E1079E-39AB-11E9-9B2B-000C29342CB1

Trust: 0.2

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // BID: 102424 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-004-02

Trust: 11.7

url: http://www.securityfocus.com/bid/102424

Trust: 2.2

url: http://webaccess.advantech.com

Trust: 0.3

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // BID: 102424 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 9.8

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032

SOURCES

db: IVD, id: e2e1079e-39ab-11e9-9b2b-000c29342cb1
db: ZDI, id: ZDI-18-035
db: ZDI, id: ZDI-18-012
db: ZDI, id: ZDI-18-020
db: ZDI, id: ZDI-18-038
db: ZDI, id: ZDI-18-039
db: ZDI, id: ZDI-18-031
db: ZDI, id: ZDI-18-059
db: ZDI, id: ZDI-18-018
db: ZDI, id: ZDI-18-011
db: ZDI, id: ZDI-18-033
db: ZDI, id: ZDI-18-034
db: ZDI, id: ZDI-18-009
db: ZDI, id: ZDI-18-037
db: ZDI, id: ZDI-18-032
db: CNVD, id: CNVD-2018-00673
db: BID, id: 102424
db: CNNVD, id: CNNVD-201801-241
db: NVD, id: CVE-2017-16728

LAST UPDATE DATE

2024-11-21T23:18:42.300000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-035, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-012, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-020, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-038, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-039, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-031, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-059, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-018, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-011, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-033, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-034, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-009, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-037, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-032, date: 2018-01-05T00:00:00
db: CNVD, id: CNVD-2018-00673, date: 2018-01-10T00:00:00
db: BID, id: 102424, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201801-241, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-16728, date: 2019-10-09T23:25:15.270

SOURCES RELEASE DATE

db: IVD, id: e2e1079e-39ab-11e9-9b2b-000c29342cb1, date: 2018-01-10T00:00:00
db: ZDI, id: ZDI-18-035, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-012, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-020, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-038, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-039, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-031, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-059, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-018, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-011, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-033, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-034, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-009, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-037, date: 2018-01-05T00:00:00
db: ZDI, id: ZDI-18-032, date: 2018-01-05T00:00:00
db: CNVD, id: CNVD-2018-00673, date: 2018-01-10T00:00:00
db: BID, id: 102424, date: 2018-01-04T00:00:00
db: CNNVD, id: CNNVD-201801-241, date: 2018-01-08T00:00:00
db: NVD, id: CVE-2017-16728, date: 2018-01-05T08:29:00.393