Sign-up

ID

VAR-201805-1126


CVE

CVE-2018-8841


TITLE

plural Advantech WebAccess Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-005076

DESCRIPTION

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. plural Advantech WebAccess The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Advantech WebAccess Node. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the access control that is set and modified during the installation of the product. The product installation weakens access control restrictions of pre-existing system files and sets weak access control restrictions on new files. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A security vulnerability exists in several Advantech products that stems from a program's failure to properly manage permissions. An attacker could use this vulnerability to modify a file. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. An information-disclosure vulnerability 3. A file-upload vulnerability 4. Multiple directory-traversal vulnerabilities 5. Multiple stack-based buffer-overflow vulnerabilities 6. A heap-based buffer-overflow vulnerability 7. Multiple arbitrary code-execution vulnerabilities 8. A denial-of-service vulnerability 9. A security-bypass vulnerability 10. A privilege-escalation vulnerability An attacker can exploit these issues to execute arbitrary code in the context of the application, or modify data, or exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application gain unauthorized access and obtain sensitive information. Failed attacks will cause denial of service conditions. Advantech WebAccess etc

Trust: 3.33

sources: NVD: CVE-2018-8841 // JVNDB: JVNDB-2018-005076 // ZDI: ZDI-18-500 // CNVD: CNVD-2018-13782 // BID: 104190 // IVD: e2f6b281-39ab-11e9-b166-000c29342cb1 // VULHUB: VHN-138873

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f6b281-39ab-11e9-b166-000c29342cb1 // CNVD: CNVD-2018-13782

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.2_20170817

Trust: 1.8

vendor:advantechmodel:webaccessscope:lteversion:8.3.0

Trust: 1.8

vendor:advantechmodel:webaccess dashboardscope:lteversion:2.0.15

Trust: 1.8

vendor:advantechmodel:webaccess scadascope:ltversion:8.3.1

Trust: 1.0

vendor:advantechmodel:webaccess\/nmsscope:lteversion:2.0.3

Trust: 1.0

vendor:advantechmodel:webaccess dashboardscope:eqversion:2.0.15

Trust: 0.9

vendor:advantechmodel:webaccess scada nodescope:ltversion:8.3.1

Trust: 0.8

vendor:advantechmodel:webaccess/nmsscope:lteversion:2.0.3

Trust: 0.8

vendor:advantechmodel:webaccess nodescope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccess <=v8.2 20170817scope: - version: -

Trust: 0.6

vendor:advantechmodel:webaccessscope:lteversion:<=8.3.0

Trust: 0.6

vendor:advantechmodel:webaccess dashboardscope:lteversion:<=2.0.15

Trust: 0.6

vendor:advantechmodel:webaccess/nmsscope:lteversion:<=2.0.3

Trust: 0.6

vendor:advantechmodel:webaccess scada nodescope:lteversion:<=8.3.1

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.3.0

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.2_20170817

Trust: 0.6

vendor:advantechmodel:webaccess\/nmsscope:eqversion:2.0.3

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.4

vendor:advantechmodel:webaccess/nmsscope:eqversion:2.0.3

Trust: 0.3

vendor:advantechmodel:webaccess/nmsscope:eqversion:2.0

Trust: 0.3

vendor:advantechmodel:webaccess scada nodescope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess dashboardscope:eqversion:2.0

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess 8.2 20170817scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccess 8.2 20170330scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.2

Trust: 0.3

vendor:advantechmodel:webaccess 8.1 20160519scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess 8.0 20150816scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.3.1

Trust: 0.3

vendor:webaccess dashboardmodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess scadamodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess nmsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f6b281-39ab-11e9-b166-000c29342cb1 // ZDI: ZDI-18-500 // CNVD: CNVD-2018-13782 // BID: 104190 // JVNDB: JVNDB-2018-005076 // CNNVD: CNNVD-201805-442 // NVD: CVE-2018-8841

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8841
value: HIGH

Trust: 1.0

NVD: CVE-2018-8841
value: HIGH

Trust: 0.8

ZDI: CVE-2018-8841
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-13782
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-442
value: HIGH

Trust: 0.6

IVD: e2f6b281-39ab-11e9-b166-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-138873
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-8841
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-8841
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-13782
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f6b281-39ab-11e9-b166-000c29342cb1
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-138873
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8841
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f6b281-39ab-11e9-b166-000c29342cb1 // ZDI: ZDI-18-500 // CNVD: CNVD-2018-13782 // VULHUB: VHN-138873 // JVNDB: JVNDB-2018-005076 // CNNVD: CNNVD-201805-442 // NVD: CVE-2018-8841

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-138873 // JVNDB: JVNDB-2018-005076 // NVD: CVE-2018-8841

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-442

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201805-442

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005076

PATCH
title:トップページurl:http://www.advantech.co.jp/
Trust: 0.8
title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01
Trust: 0.7
title:Patches for Multiple Advantech Products Improper Rights Management Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/135203
Trust: 0.6
title:Multiple Advantech Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80052
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-500 // 
            
            
            
            CNVD: CNVD-2018-13782 // 
            
            
            
            JVNDB: JVNDB-2018-005076 // 
            
            
            
            CNNVD: CNNVD-201805-442

EXTERNAL IDS
db:NVDid:CVE-2018-8841
Trust: 4.3
db:ICS CERTid:ICSA-18-135-01
Trust: 3.4
db:BIDid:104190
Trust: 2.6
db:CNVDid:CNVD-2018-13782
Trust: 0.8
db:CNNVDid:CNNVD-201805-442
Trust: 0.8
db:JVNDBid:JVNDB-2018-005076
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-5670
Trust: 0.7
db:ZDIid:ZDI-18-500
Trust: 0.7
db:IVDid:E2F6B281-39AB-11E9-B166-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-138873
Trust: 0.1
sources:
            
            
            IVD: e2f6b281-39ab-11e9-b166-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-500 // 
            
            
            
            CNVD: CNVD-2018-13782 // 
            
            
            
            VULHUB: VHN-138873 // 
            
            
            
            BID: 104190 // 
            
            
            
            JVNDB: JVNDB-2018-005076 // 
            
            
            
            CNNVD: CNNVD-201805-442 // 
            
            
            
            NVD: CVE-2018-8841

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-135-01
Trust: 4.1
url:http://www.securityfocus.com/bid/104190
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8841
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8841
Trust: 0.8
url:http://webaccess.advantech.com
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-500 // 
            
            
            
            CNVD: CNVD-2018-13782 // 
            
            
            
            VULHUB: VHN-138873 // 
            
            
            
            BID: 104190 // 
            
            
            
            JVNDB: JVNDB-2018-005076 // 
            
            
            
            CNNVD: CNNVD-201805-442 // 
            
            
            
            NVD: CVE-2018-8841

CREDITS
Fritz Sands of the Zero Day Initiative
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-500

SOURCES
db:IVDid:e2f6b281-39ab-11e9-b166-000c29342cb1
db:ZDIid:ZDI-18-500
db:CNVDid:CNVD-2018-13782
db:VULHUBid:VHN-138873
db:BIDid:104190
db:JVNDBid:JVNDB-2018-005076
db:CNNVDid:CNNVD-201805-442
db:NVDid:CVE-2018-8841

LAST UPDATE DATE
2024-08-14T13:45:48.461000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-500date:2018-05-18T00:00:00
db:CNVDid:CNVD-2018-13782date:2018-07-24T00:00:00
db:VULHUBid:VHN-138873date:2019-10-09T00:00:00
db:BIDid:104190date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-005076date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-442date:2019-10-17T00:00:00
db:NVDid:CVE-2018-8841date:2019-10-09T23:42:55.863

SOURCES RELEASE DATE
db:IVDid:e2f6b281-39ab-11e9-b166-000c29342cb1date:2018-07-24T00:00:00
db:ZDIid:ZDI-18-500date:2018-05-18T00:00:00
db:CNVDid:CNVD-2018-13782date:2018-07-24T00:00:00
db:VULHUBid:VHN-138873date:2018-05-15T00:00:00
db:BIDid:104190date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-005076date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-442date:2018-05-16T00:00:00
db:NVDid:CVE-2018-8841date:2018-05-15T22:29:00.690