Details of VAR-201801-1494

ID

VAR-201801-1494

CVE

CVE-2018-5445

TITLE

Advantech WebAccess/SCADA Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-001575 // CNNVD: CNNVD-201801-958

DESCRIPTION

A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the filename parameter of certUpdate.asp. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute code under the context of the current process. Advantech WebAccess is a browser-based human interface HMI software package, as well as monitoring and data acquisition SCADA. Advantech WebAccess/SCADA has a directory traversal vulnerability. Advantech WebAccess/SCADA is prone to a directory-traversal vulnerability and a SQL-injection vulnerability A remote attacker could exploit these issues to access data, or exploit latent vulnerabilities in the underlying database or use directory-traversal characters ('../') to access arbitrary files that contain sensitive information. Advantech WebAccess/SCADA is a browser-based SCADA software developed by Advantech. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment

Trust: 3.33

sources: NVD: CVE-2018-5445 // JVNDB: JVNDB-2018-001575 // ZDI: ZDI-18-142 // CNVD: CNVD-2018-01709 // BID: 102781 // IVD: e2e2b54f-39ab-11e9-b4d4-000c29342cb1 // VULHUB: VHN-135476

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e2b54f-39ab-11e9-b4d4-000c29342cb1 // CNVD: CNVD-2018-01709

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess\/scada	scope:	lt	version:	8.2_20170817	Trust: 1.0
vendor:	advantech	model:	webaccess/scada	scope:	lt	version:	8.2_20170817	Trust: 0.8
vendor:	advantech	model:	webaccess node	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess/scada <v8.2 20170817	scope:	-	version:	-	Trust: 0.6
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.1	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	8.0	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	eq	version:	7.2	Trust: 0.3
vendor:	advantech	model:	webaccess/scada	scope:	ne	version:	8.3	Trust: 0.3
vendor:	webaccess scada	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e2b54f-39ab-11e9-b4d4-000c29342cb1 // ZDI: ZDI-18-142 // CNVD: CNVD-2018-01709 // BID: 102781 // JVNDB: JVNDB-2018-001575 // NVD: CVE-2018-5445

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5445
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-5445
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2018-5445
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-01709
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-958
value:	MEDIUM
Trust: 0.6
IVD:	e2e2b54f-39ab-11e9-b4d4-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-135476
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-5445
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2018-5445
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-01709
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e2b54f-39ab-11e9-b4d4-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-135476
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5445
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: e2e2b54f-39ab-11e9-b4d4-000c29342cb1 // ZDI: ZDI-18-142 // CNVD: CNVD-2018-01709 // VULHUB: VHN-135476 // JVNDB: JVNDB-2018-001575 // CNNVD: CNNVD-201801-958 // NVD: CVE-2018-5445

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-135476 // JVNDB: JVNDB-2018-001575 // NVD: CVE-2018-5445

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-958

TYPE

Path traversal

Trust: 0.8

sources: IVD: e2e2b54f-39ab-11e9-b4d4-000c29342cb1 // CNNVD: CNNVD-201801-958

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001575

PATCH

title:	WebAccess/SCADA	url:	http://www.advantech.com/industrial-automation/webaccess/webaccessscada	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01	Trust: 0.7
title:	Advantech WebAccess/SCADA Directory Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/114215	Trust: 0.6
title:	Advantech WebAccess/SCADA Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78082	Trust: 0.6

sources: ZDI: ZDI-18-142 // CNVD: CNVD-2018-01709 // JVNDB: JVNDB-2018-001575 // CNNVD: CNNVD-201801-958

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5445	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-023-01	Trust: 3.4
db:	BID	id:	102781	Trust: 2.0
db:	CNNVD	id:	CNNVD-201801-958	Trust: 0.9
db:	CNVD	id:	CNVD-2018-01709	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-001575	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5492	Trust: 0.7
db:	ZDI	id:	ZDI-18-142	Trust: 0.7
db:	IVD	id:	E2E2B54F-39AB-11E9-B4D4-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-135476	Trust: 0.1

sources: IVD: e2e2b54f-39ab-11e9-b4d4-000c29342cb1 // ZDI: ZDI-18-142 // CNVD: CNVD-2018-01709 // VULHUB: VHN-135476 // BID: 102781 // JVNDB: JVNDB-2018-001575 // CNNVD: CNNVD-201801-958 // NVD: CVE-2018-5445

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-023-01	Trust: 3.5
url:	http://www.securityfocus.com/bid/102781	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5445	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5445	Trust: 0.8
url:	https://www.proxyit.cc/advisories/icsa-18-023-01	Trust: 0.6
url:	http://www.advantech.in/	Trust: 0.3
url:	http://www.advantech.com/industrial-automation/webaccess/webaccessscada	Trust: 0.3

sources: ZDI: ZDI-18-142 // CNVD: CNVD-2018-01709 // VULHUB: VHN-135476 // BID: 102781 // JVNDB: JVNDB-2018-001575 // CNNVD: CNNVD-201801-958 // NVD: CVE-2018-5445

CREDITS

rgod

Trust: 0.7

sources: ZDI: ZDI-18-142

SOURCES

db:	IVD	id:	e2e2b54f-39ab-11e9-b4d4-000c29342cb1
db:	ZDI	id:	ZDI-18-142
db:	CNVD	id:	CNVD-2018-01709
db:	VULHUB	id:	VHN-135476
db:	BID	id:	102781
db:	JVNDB	id:	JVNDB-2018-001575
db:	CNNVD	id:	CNNVD-201801-958
db:	NVD	id:	CVE-2018-5445

LAST UPDATE DATE

2024-08-14T14:39:32.517000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-142	date:	2018-02-09T00:00:00
db:	CNVD	id:	CNVD-2018-01709	date:	2018-01-24T00:00:00
db:	VULHUB	id:	VHN-135476	date:	2019-10-09T00:00:00
db:	BID	id:	102781	date:	2018-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-001575	date:	2018-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-958	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-5445	date:	2019-10-09T23:41:22.423

SOURCES RELEASE DATE

db:	IVD	id:	e2e2b54f-39ab-11e9-b4d4-000c29342cb1	date:	2018-01-24T00:00:00
db:	ZDI	id:	ZDI-18-142	date:	2018-02-06T00:00:00
db:	CNVD	id:	CNVD-2018-01709	date:	2018-01-24T00:00:00
db:	VULHUB	id:	VHN-135476	date:	2018-01-25T00:00:00
db:	BID	id:	102781	date:	2018-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-001575	date:	2018-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-958	date:	2018-01-26T00:00:00
db:	NVD	id:	CVE-2018-5445	date:	2018-01-25T03:29:00.367