Details of VAR-201801-0152

ID

VAR-201801-0152

CVE

CVE-2017-16728

TITLE

Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-18-012 // ZDI: ZDI-18-009 // ZDI: ZDI-18-015

DESCRIPTION

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. Advantech WebAccess Is NULL A vulnerability related to pointer dereference exists.Service operation interruption (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27f1 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3

Trust: 11.16

sources: NVD: CVE-2017-16728 // JVNDB: JVNDB-2017-011796 // ZDI: ZDI-18-035 // ZDI: ZDI-18-015 // ZDI: ZDI-18-009 // ZDI: ZDI-18-036 // ZDI: ZDI-18-014 // ZDI: ZDI-18-033 // ZDI: ZDI-18-021 // ZDI: ZDI-18-059 // ZDI: ZDI-18-057 // ZDI: ZDI-18-040 // ZDI: ZDI-18-039 // ZDI: ZDI-18-038 // ZDI: ZDI-18-020 // ZDI: ZDI-18-012 // CNVD: CNVD-2018-00673 // IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNVD: CNVD-2018-00673

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 9.8
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.3	Trust: 2.4
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-040 // ZDI: ZDI-18-057 // ZDI: ZDI-18-059 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-014 // ZDI: ZDI-18-036 // ZDI: ZDI-18-009 // ZDI: ZDI-18-015 // CNVD: CNVD-2018-00673 // JVNDB: JVNDB-2017-011796 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2017-16728
value:	MEDIUM
Trust: 8.4
ZDI:	CVE-2017-16728
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2017-16728
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-16728
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-00673
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-241
value:	HIGH
Trust: 0.6
IVD:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
value:	HIGH
Trust: 0.2

ZDI:	CVE-2017-16728
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 8.4
nvd@nist.gov:	CVE-2017-16728
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-16728
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
CNVD:	CNVD-2018-00673
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-16728
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.8
problemtype:	CWE-822	Trust: 1.0

sources: JVNDB: JVNDB-2017-011796 // NVD: CVE-2017-16728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-241

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNNVD: CNNVD-201801-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011796

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02	Trust: 9.8
title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673)	url:	https://www.cnvd.org.cn/patchInfo/show/113125	Trust: 0.6
title:	Advantech WebAccess Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77552	Trust: 0.6

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-040 // ZDI: ZDI-18-057 // ZDI: ZDI-18-059 // ZDI: ZDI-18-021 // ZDI: ZDI-18-033 // ZDI: ZDI-18-014 // ZDI: ZDI-18-036 // ZDI: ZDI-18-009 // ZDI: ZDI-18-015 // CNVD: CNVD-2018-00673 // JVNDB: JVNDB-2017-011796 // CNNVD: CNNVD-201801-241

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16728	Trust: 13.0
db:	BID	id:	102424	Trust: 2.2
db:	ICS CERT	id:	ICSA-18-004-02	Trust: 1.6
db:	CNVD	id:	CNVD-2018-00673	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-241	Trust: 0.8
db:	ICS CERT	id:	ICSA-18-004-02A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011796	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5003	Trust: 0.7
db:	ZDI	id:	ZDI-18-035	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4959	Trust: 0.7
db:	ZDI	id:	ZDI-18-012	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4973	Trust: 0.7
db:	ZDI	id:	ZDI-18-020	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5006	Trust: 0.7
db:	ZDI	id:	ZDI-18-038	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5007	Trust: 0.7
db:	ZDI	id:	ZDI-18-039	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5010	Trust: 0.7
db:	ZDI	id:	ZDI-18-040	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5060	Trust: 0.7
db:	ZDI	id:	ZDI-18-057	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5062	Trust: 0.7
db:	ZDI	id:	ZDI-18-059	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4974	Trust: 0.7
db:	ZDI	id:	ZDI-18-021	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5001	Trust: 0.7
db:	ZDI	id:	ZDI-18-033	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4961	Trust: 0.7
db:	ZDI	id:	ZDI-18-014	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5004	Trust: 0.7
db:	ZDI	id:	ZDI-18-036	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4952	Trust: 0.7
db:	ZDI	id:	ZDI-18-009	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4962	Trust: 0.7
db:	ZDI	id:	ZDI-18-015	Trust: 0.7
db:	IVD	id:	E2E1079E-39AB-11E9-9B2B-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-004-02	Trust: 11.4
url:	http://www.securityfocus.com/bid/102424	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16728	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16728	Trust: 0.8

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 9.8

SOURCES

db:	IVD	id:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
db:	ZDI	id:	ZDI-18-035
db:	ZDI	id:	ZDI-18-012
db:	ZDI	id:	ZDI-18-020
db:	ZDI	id:	ZDI-18-038
db:	ZDI	id:	ZDI-18-039
db:	ZDI	id:	ZDI-18-040
db:	ZDI	id:	ZDI-18-057
db:	ZDI	id:	ZDI-18-059
db:	ZDI	id:	ZDI-18-021
db:	ZDI	id:	ZDI-18-033
db:	ZDI	id:	ZDI-18-014
db:	ZDI	id:	ZDI-18-036
db:	ZDI	id:	ZDI-18-009
db:	ZDI	id:	ZDI-18-015
db:	CNVD	id:	CNVD-2018-00673
db:	JVNDB	id:	JVNDB-2017-011796
db:	CNNVD	id:	CNNVD-201801-241
db:	NVD	id:	CVE-2017-16728

LAST UPDATE DATE

2024-09-15T22:52:14.308000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-035	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-012	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-020	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-038	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-039	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-040	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-057	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-059	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-021	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-033	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-014	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-036	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-009	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-015	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00673	date:	2018-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2017-011796	date:	2018-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-241	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16728	date:	2019-10-09T23:25:15.270

SOURCES RELEASE DATE

db:	IVD	id:	e2e1079e-39ab-11e9-9b2b-000c29342cb1	date:	2018-01-10T00:00:00
db:	ZDI	id:	ZDI-18-035	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-012	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-020	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-038	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-039	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-040	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-057	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-059	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-021	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-033	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-014	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-036	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-009	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-015	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00673	date:	2018-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2017-011796	date:	2018-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-241	date:	2018-01-08T00:00:00
db:	NVD	id:	CVE-2017-16728	date:	2018-01-05T08:29:00.393