Details of VAR-201801-0152

ID

VAR-201801-0152

CVE

CVE-2017-16728

TITLE

Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-012 // ZDI: ZDI-18-009

DESCRIPTION

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27e7 IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database,perform certain unauthorized actions, gain unauthorized access and obtain sensitive information

Trust: 10.71

sources: NVD: CVE-2017-16728 // ZDI: ZDI-18-018 // ZDI: ZDI-18-032 // ZDI: ZDI-18-037 // ZDI: ZDI-18-009 // ZDI: ZDI-18-034 // ZDI: ZDI-18-033 // ZDI: ZDI-18-035 // ZDI: ZDI-18-011 // ZDI: ZDI-18-059 // ZDI: ZDI-18-031 // ZDI: ZDI-18-039 // ZDI: ZDI-18-038 // ZDI: ZDI-18-020 // ZDI: ZDI-18-012 // CNVD: CNVD-2018-00673 // BID: 102424 // IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNVD: CNVD-2018-00673

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 9.8
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.3	Trust: 1.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess 8.2 20170330	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess 8.1 20160519	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.0 20150816	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.3	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // BID: 102424 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2017-16728
value:	MEDIUM
Trust: 9.1
nvd@nist.gov:	CVE-2017-16728
value:	HIGH
Trust: 1.0
ZDI:	CVE-2017-16728
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-00673
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-241
value:	HIGH
Trust: 0.6
IVD:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
value:	HIGH
Trust: 0.2

ZDI:	CVE-2017-16728
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 9.1
nvd@nist.gov:	CVE-2017-16728
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
ZDI:	CVE-2017-16728
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-00673
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-16728
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // CNNVD: CNNVD-201801-241 // NVD: CVE-2017-16728

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	CWE-822	Trust: 1.0

sources: NVD: CVE-2017-16728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-241

TYPE

Code problem

Trust: 0.8

sources: IVD: e2e1079e-39ab-11e9-9b2b-000c29342cb1 // CNNVD: CNNVD-201801-241

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02	Trust: 9.8
title:	Patch for Advantech WebAccess Denial of Service Vulnerability (CNVD-2018-00673)	url:	https://www.cnvd.org.cn/patchInfo/show/113125	Trust: 0.6
title:	Advantech WebAccess Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77552	Trust: 0.6

sources: ZDI: ZDI-18-035 // ZDI: ZDI-18-012 // ZDI: ZDI-18-020 // ZDI: ZDI-18-038 // ZDI: ZDI-18-039 // ZDI: ZDI-18-031 // ZDI: ZDI-18-059 // ZDI: ZDI-18-018 // ZDI: ZDI-18-011 // ZDI: ZDI-18-033 // ZDI: ZDI-18-034 // ZDI: ZDI-18-009 // ZDI: ZDI-18-037 // ZDI: ZDI-18-032 // CNVD: CNVD-2018-00673 // CNNVD: CNNVD-201801-241

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16728	Trust: 12.5
db:	BID	id:	102424	Trust: 2.5
db:	ICS CERT	id:	ICSA-18-004-02	Trust: 1.9
db:	CNVD	id:	CNVD-2018-00673	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-241	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5003	Trust: 0.7
db:	ZDI	id:	ZDI-18-035	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4959	Trust: 0.7
db:	ZDI	id:	ZDI-18-012	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4973	Trust: 0.7
db:	ZDI	id:	ZDI-18-020	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5006	Trust: 0.7
db:	ZDI	id:	ZDI-18-038	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5007	Trust: 0.7
db:	ZDI	id:	ZDI-18-039	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4999	Trust: 0.7
db:	ZDI	id:	ZDI-18-031	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5062	Trust: 0.7
db:	ZDI	id:	ZDI-18-059	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4965	Trust: 0.7
db:	ZDI	id:	ZDI-18-018	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4958	Trust: 0.7
db:	ZDI	id:	ZDI-18-011	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5001	Trust: 0.7
db:	ZDI	id:	ZDI-18-033	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5002	Trust: 0.7
db:	ZDI	id:	ZDI-18-034	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4952	Trust: 0.7
db:	ZDI	id:	ZDI-18-009	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5005	Trust: 0.7
db:	ZDI	id:	ZDI-18-037	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5000	Trust: 0.7
db:	ZDI	id:	ZDI-18-032	Trust: 0.7
db:	IVD	id:	E2E1079E-39AB-11E9-9B2B-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-004-02	Trust: 11.7
url:	http://www.securityfocus.com/bid/102424	Trust: 2.2
url:	http://webaccess.advantech.com	Trust: 0.3

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 9.8

SOURCES

db:	IVD	id:	e2e1079e-39ab-11e9-9b2b-000c29342cb1
db:	ZDI	id:	ZDI-18-035
db:	ZDI	id:	ZDI-18-012
db:	ZDI	id:	ZDI-18-020
db:	ZDI	id:	ZDI-18-038
db:	ZDI	id:	ZDI-18-039
db:	ZDI	id:	ZDI-18-031
db:	ZDI	id:	ZDI-18-059
db:	ZDI	id:	ZDI-18-018
db:	ZDI	id:	ZDI-18-011
db:	ZDI	id:	ZDI-18-033
db:	ZDI	id:	ZDI-18-034
db:	ZDI	id:	ZDI-18-009
db:	ZDI	id:	ZDI-18-037
db:	ZDI	id:	ZDI-18-032
db:	CNVD	id:	CNVD-2018-00673
db:	BID	id:	102424
db:	CNNVD	id:	CNNVD-201801-241
db:	NVD	id:	CVE-2017-16728

LAST UPDATE DATE

2024-11-21T23:18:42.300000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-035	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-012	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-020	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-038	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-039	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-031	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-059	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-018	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-011	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-033	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-034	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-009	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-037	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-032	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00673	date:	2018-01-10T00:00:00
db:	BID	id:	102424	date:	2018-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201801-241	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16728	date:	2019-10-09T23:25:15.270

SOURCES RELEASE DATE

db:	IVD	id:	e2e1079e-39ab-11e9-9b2b-000c29342cb1	date:	2018-01-10T00:00:00
db:	ZDI	id:	ZDI-18-035	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-012	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-020	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-038	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-039	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-031	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-059	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-018	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-011	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-033	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-034	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-009	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-037	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-032	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00673	date:	2018-01-10T00:00:00
db:	BID	id:	102424	date:	2018-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201801-241	date:	2018-01-08T00:00:00
db:	NVD	id:	CVE-2017-16728	date:	2018-01-05T08:29:00.393