ID

VAR-201805-1141


CVE

CVE-2018-7495


TITLE

Path traversal vulnerability in multiple Advantech WebAccess products

Trust: 0.8

sources: JVNDB: JVNDB-2018-005070

DESCRIPTION

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. Multiple Advantech WebAccess products contain a path traversal vulnerability. Information may be tampered with.

This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this functionality to delete files under the context of Administrator.

Advantech WebAccess and others are products of Advantech. Advantech WebAccess is browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS).

Security vulnerabilities exist in several Advantech products:

1. Multiple SQL-injection vulnerabilities
2. An information-disclosure vulnerability
3. A file-upload vulnerability
4. Multiple directory-traversal vulnerabilities
5. Multiple stack-based buffer-overflow vulnerabilities
6. A heap-based buffer-overflow vulnerability
7. Multiple arbitrary code-execution vulnerabilities
8. A denial-of-service vulnerability
9. A security-bypass vulnerability
10. A privilege-escalation vulnerability

An attacker can exploit these issues to execute arbitrary code in the context of the application, modify data, exploit latent vulnerabilities in the underlying database, delete arbitrary files, gain elevated privileges, perform certain unauthorized actions, upload arbitrary files to the affected application, gain unauthorized access, and obtain sensitive information. Failed attacks will cause denial-of-service conditions.

Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier.

Trust: 3.33

sources: NVD: CVE-2018-7495 // JVNDB: JVNDB-2018-005070 // ZDI: ZDI-18-499 // CNVD: CNVD-2018-13786 // BID: 104190 // IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1 // VULHUB: VHN-137527

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1 // CNVD: CNVD-2018-13786

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.2_20170817

Trust: 1.8

vendor:advantechmodel:webaccessscope:lteversion:8.3.0

Trust: 1.8

vendor:advantechmodel:webaccess dashboardscope:lteversion:2.0.15

Trust: 1.8

vendor:advantechmodel:webaccess scadascope:ltversion:8.3.1

Trust: 1.0

vendor:advantechmodel:webaccess\/nmsscope:lteversion:2.0.3

Trust: 1.0

vendor:advantechmodel:webaccess dashboardscope:eqversion:2.0.15

Trust: 0.9

vendor:advantechmodel:webaccess scada nodescope:ltversion:8.3.1

Trust: 0.8

vendor:advantechmodel:webaccess/nmsscope:lteversion:2.0.3

Trust: 0.8

vendor:advantechmodel:webaccess nodescope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccess <=8.2 20170817scope: - version: -

Trust: 0.6

vendor:advantechmodel:webaccessscope:lteversion:<=8.3.0

Trust: 0.6

vendor:advantechmodel:webaccess dashboardscope:lteversion:<=2.0.15

Trust: 0.6

vendor:advantechmodel:webaccess/nmsscope:lteversion:<=2.0.3

Trust: 0.6

vendor:advantechmodel:webaccess scada nodescope:lteversion:<=8.3.1

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.3.0

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.2_20170817

Trust: 0.6

vendor:advantechmodel:webaccess\/nmsscope:eqversion:2.0.3

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.4

vendor:advantechmodel:webaccess/nmsscope:eqversion:2.0.3

Trust: 0.3

vendor:advantechmodel:webaccess/nmsscope:eqversion:2.0

Trust: 0.3

vendor:advantechmodel:webaccess scada nodescope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess dashboardscope:eqversion:2.0

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccess 8.2 20170817scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccess 8.2 20170330scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.2

Trust: 0.3

vendor:advantechmodel:webaccess 8.1 20160519scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccess 8.0 20150816scope: - version: -

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.3.1

Trust: 0.3

vendor:webaccess dashboardmodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess scadamodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess nmsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1 // ZDI: ZDI-18-499 // CNVD: CNVD-2018-13786 // BID: 104190 // JVNDB: JVNDB-2018-005070 // CNNVD: CNNVD-201805-448 // NVD: CVE-2018-7495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7495
value: HIGH

Trust: 1.0

NVD: CVE-2018-7495
value: HIGH

Trust: 0.8

ZDI: CVE-2018-7495
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-13786
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-448
value: HIGH

Trust: 0.6

IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-137527
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7495
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-7495
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-13786
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137527
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7495
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1 // ZDI: ZDI-18-499 // CNVD: CNVD-2018-13786 // VULHUB: VHN-137527 // JVNDB: JVNDB-2018-005070 // CNNVD: CNNVD-201805-448 // NVD: CVE-2018-7495

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-73

Trust: 1.0

sources: VULHUB: VHN-137527 // JVNDB: JVNDB-2018-005070 // NVD: CVE-2018-7495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-448

TYPE

Path traversal

Trust: 0.8

sources: IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1 // CNNVD: CNNVD-201805-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005070

PATCH

title:Top Pageurl:http://www.advantech.co.jp/

Trust: 0.8

title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01

Trust: 0.7

title:Patches for multiple Advantech product file names or path external control vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/135199

Trust: 0.6

title:Multiple Advantech Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80058

Trust: 0.6

sources: ZDI: ZDI-18-499 // CNVD: CNVD-2018-13786 // JVNDB: JVNDB-2018-005070 // CNNVD: CNNVD-201805-448

EXTERNAL IDS

db:NVDid:CVE-2018-7495

Trust: 4.3

db:ICS CERTid:ICSA-18-135-01

Trust: 3.4

db:BIDid:104190

Trust: 2.6

db:CNNVDid:CNNVD-201805-448

Trust: 0.9

db:CNVDid:CNVD-2018-13786

Trust: 0.8

db:JVNDBid:JVNDB-2018-005070

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-5664

Trust: 0.7

db:ZDIid:ZDI-18-499

Trust: 0.7

db:IVDid:E2F700A2-39AB-11E9-92AD-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-137527

Trust: 0.1

sources: IVD: e2f700a2-39ab-11e9-92ad-000c29342cb1 // ZDI: ZDI-18-499 // CNVD: CNVD-2018-13786 // VULHUB: VHN-137527 // BID: 104190 // JVNDB: JVNDB-2018-005070 // CNNVD: CNNVD-201805-448 // NVD: CVE-2018-7495

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-135-01

Trust: 4.1

url:http://www.securityfocus.com/bid/104190

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7495

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7495

Trust: 0.8

url:http://webaccess.advantech.com

Trust: 0.3

sources: ZDI: ZDI-18-499 // CNVD: CNVD-2018-13786 // VULHUB: VHN-137527 // BID: 104190 // JVNDB: JVNDB-2018-005070 // CNNVD: CNNVD-201805-448 // NVD: CVE-2018-7495

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 0.7

sources: ZDI: ZDI-18-499

SOURCES

db:IVDid:e2f700a2-39ab-11e9-92ad-000c29342cb1
db:ZDIid:ZDI-18-499
db:CNVDid:CNVD-2018-13786
db:VULHUBid:VHN-137527
db:BIDid:104190
db:JVNDBid:JVNDB-2018-005070
db:CNNVDid:CNNVD-201805-448
db:NVDid:CVE-2018-7495

LAST UPDATE DATE

2024-08-14T13:45:48.555000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-499date:2018-05-18T00:00:00
db:CNVDid:CNVD-2018-13786date:2018-07-24T00:00:00
db:VULHUBid:VHN-137527date:2019-10-09T00:00:00
db:BIDid:104190date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-005070date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-448date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7495date:2019-10-09T23:42:19.300

SOURCES RELEASE DATE

db:IVDid:e2f700a2-39ab-11e9-92ad-000c29342cb1date:2018-07-24T00:00:00
db:ZDIid:ZDI-18-499date:2018-05-18T00:00:00
db:CNVDid:CNVD-2018-13786date:2018-07-24T00:00:00
db:VULHUBid:VHN-137527date:2018-05-15T00:00:00
db:BIDid:104190date:2018-05-15T00:00:00
db:JVNDBid:JVNDB-2018-005070date:2018-07-05T00:00:00
db:CNNVDid:CNNVD-201805-448date:2018-05-16T00:00:00
db:NVDid:CVE-2018-7495date:2018-05-15T22:29:00.410