Sign-up

ID

VAR-201805-1143


CVE

CVE-2018-7499


TITLE

Advantech WebAccess Node waexec Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 1.4

sources: ZDI: ZDI-18-501 // ZDI: ZDI-18-522

DESCRIPTION

In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability.The specific flaw exists within bwaccrts.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator. Advantech WebAccess and others are products of Advantech. Advantech WebAccess is a browser-based HMI/SCADA software. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. WebAccess Dashboard is one of the dashboard components; WebAccess Scada Node is one of the monitoring node components. WebAccess/NMS is a suite of web browsers for the Network Management System (NMS). A stack buffer overflow vulnerability exists in several Advantech products. Advantech WebAccess, etc. Advantech WebAccess is a set of HMI/SCADA software based on browser architecture. The following versions are affected: Advantech WebAccess 8.2_20170817 and earlier, 8.3.0 and earlier; WebAccess Dashboard 2.0.15 and earlier; WebAccess Scada Node 8.3.1 and earlier; WebAccess/NMS 2.0.3 and earlier

Trust: 10.53

sources: NVD: CVE-2018-7499 // ZDI: ZDI-18-501 // ZDI: ZDI-18-522 // ZDI: ZDI-18-521 // ZDI: ZDI-18-512 // ZDI: ZDI-18-503 // ZDI: ZDI-18-502 // ZDI: ZDI-18-516 // ZDI: ZDI-18-506 // ZDI: ZDI-18-513 // ZDI: ZDI-18-511 // ZDI: ZDI-18-509 // ZDI: ZDI-18-525 // ZDI: ZDI-18-523 // ZDI: ZDI-18-519 // CNVD: CNVD-2018-10713 // IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1 // VULHUB: VHN-137531

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1 // CNVD: CNVD-2018-10713

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess nodescope: - version: -

Trust: 9.8

vendor:advantechmodel:webaccessscope:lteversion:8.2_20170817

Trust: 1.0

vendor:advantechmodel:webaccessscope:lteversion:8.3.0

Trust: 1.0

vendor:advantechmodel:webaccess\/nmsscope:lteversion:2.0.3

Trust: 1.0

vendor:advantechmodel:webaccess scadascope:ltversion:8.3.1

Trust: 1.0

vendor:advantechmodel:webaccess dashboardscope:lteversion:2.0.15

Trust: 1.0

vendor:advantechmodel:webaccess <=8.2 20170817scope: - version: -

Trust: 0.6

vendor:advantechmodel:webaccessscope:lteversion:<=8.3.0

Trust: 0.6

vendor:advantechmodel:webaccess dashboardscope:lteversion:<=2.0.15

Trust: 0.6

vendor:advantechmodel:webaccess scada nodescope:ltversion:8.3.1

Trust: 0.6

vendor:advantechmodel:webaccess/nmsscope:lteversion:<=2.0.3

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.3.0

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.2_20170817

Trust: 0.6

vendor:advantechmodel:webaccess dashboardscope:eqversion:2.0.15

Trust: 0.6

vendor:advantechmodel:webaccess\/nmsscope:eqversion:2.0.3

Trust: 0.6

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.4

vendor:webaccess dashboardmodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess scadamodel: - scope:eqversion:*

Trust: 0.2

vendor:webaccess nmsmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1 // ZDI: ZDI-18-516 // ZDI: ZDI-18-519 // ZDI: ZDI-18-523 // ZDI: ZDI-18-525 // ZDI: ZDI-18-509 // ZDI: ZDI-18-511 // ZDI: ZDI-18-513 // ZDI: ZDI-18-501 // ZDI: ZDI-18-506 // ZDI: ZDI-18-502 // ZDI: ZDI-18-503 // ZDI: ZDI-18-512 // ZDI: ZDI-18-521 // ZDI: ZDI-18-522 // CNVD: CNVD-2018-10713 // CNNVD: CNNVD-201805-446 // NVD: CVE-2018-7499

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-7499
value: HIGH

Trust: 9.8

nvd@nist.gov: CVE-2018-7499
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2018-10713
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-446
value: CRITICAL

Trust: 0.6

IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-137531
value: HIGH

Trust: 0.1

ZDI: CVE-2018-7499
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 9.8

nvd@nist.gov: CVE-2018-7499
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2018-10713
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137531
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7499
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1 // ZDI: ZDI-18-516 // ZDI: ZDI-18-519 // ZDI: ZDI-18-523 // ZDI: ZDI-18-525 // ZDI: ZDI-18-509 // ZDI: ZDI-18-511 // ZDI: ZDI-18-513 // ZDI: ZDI-18-501 // ZDI: ZDI-18-506 // ZDI: ZDI-18-502 // ZDI: ZDI-18-503 // ZDI: ZDI-18-512 // ZDI: ZDI-18-521 // ZDI: ZDI-18-522 // CNVD: CNVD-2018-10713 // VULHUB: VHN-137531 // CNNVD: CNNVD-201805-446 // NVD: CVE-2018-7499

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-137531 // NVD: CVE-2018-7499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-446

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1 // CNNVD: CNNVD-201805-446

PATCH

title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01

Trust: 9.8

title:Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-10713)url:https://www.cnvd.org.cn/patchInfo/show/130743

Trust: 0.6

title:Multiple Advantech Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80056

Trust: 0.6

sources: ZDI: ZDI-18-516 // ZDI: ZDI-18-519 // ZDI: ZDI-18-523 // ZDI: ZDI-18-525 // ZDI: ZDI-18-509 // ZDI: ZDI-18-511 // ZDI: ZDI-18-513 // ZDI: ZDI-18-501 // ZDI: ZDI-18-506 // ZDI: ZDI-18-502 // ZDI: ZDI-18-503 // ZDI: ZDI-18-512 // ZDI: ZDI-18-521 // ZDI: ZDI-18-522 // CNVD: CNVD-2018-10713 // CNNVD: CNNVD-201805-446

EXTERNAL IDS

db:NVDid:CVE-2018-7499

Trust: 12.3

db:ICS CERTid:ICSA-18-135-01

Trust: 2.3

db:BIDid:104190

Trust: 1.7

db:CNVDid:CNVD-2018-10713

Trust: 0.8

db:CNNVDid:CNNVD-201805-446

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-5691

Trust: 0.7

db:ZDIid:ZDI-18-516

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5694

Trust: 0.7

db:ZDIid:ZDI-18-519

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5698

Trust: 0.7

db:ZDIid:ZDI-18-523

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5700

Trust: 0.7

db:ZDIid:ZDI-18-525

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5684

Trust: 0.7

db:ZDIid:ZDI-18-509

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5686

Trust: 0.7

db:ZDIid:ZDI-18-511

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5688

Trust: 0.7

db:ZDIid:ZDI-18-513

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5676

Trust: 0.7

db:ZDIid:ZDI-18-501

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5681

Trust: 0.7

db:ZDIid:ZDI-18-506

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5677

Trust: 0.7

db:ZDIid:ZDI-18-502

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5678

Trust: 0.7

db:ZDIid:ZDI-18-503

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5687

Trust: 0.7

db:ZDIid:ZDI-18-512

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5696

Trust: 0.7

db:ZDIid:ZDI-18-521

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-5697

Trust: 0.7

db:ZDIid:ZDI-18-522

Trust: 0.7

db:IVDid:E2F10D30-39AB-11E9-AE57-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-137531

Trust: 0.1

sources: IVD: e2f10d30-39ab-11e9-ae57-000c29342cb1 // ZDI: ZDI-18-516 // ZDI: ZDI-18-519 // ZDI: ZDI-18-523 // ZDI: ZDI-18-525 // ZDI: ZDI-18-509 // ZDI: ZDI-18-511 // ZDI: ZDI-18-513 // ZDI: ZDI-18-501 // ZDI: ZDI-18-506 // ZDI: ZDI-18-502 // ZDI: ZDI-18-503 // ZDI: ZDI-18-512 // ZDI: ZDI-18-521 // ZDI: ZDI-18-522 // CNVD: CNVD-2018-10713 // VULHUB: VHN-137531 // CNNVD: CNNVD-201805-446 // NVD: CVE-2018-7499

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-135-01

Trust: 12.1

url:http://www.securityfocus.com/bid/104190

Trust: 1.7

sources: ZDI: ZDI-18-516 // ZDI: ZDI-18-519 // ZDI: ZDI-18-523 // ZDI: ZDI-18-525 // ZDI: ZDI-18-509 // ZDI: ZDI-18-511 // ZDI: ZDI-18-513 // ZDI: ZDI-18-501 // ZDI: ZDI-18-506 // ZDI: ZDI-18-502 // ZDI: ZDI-18-503 // ZDI: ZDI-18-512 // ZDI: ZDI-18-521 // ZDI: ZDI-18-522 // CNVD: CNVD-2018-10713 // VULHUB: VHN-137531 // CNNVD: CNNVD-201805-446 // NVD: CVE-2018-7499

CREDITS

Mat Powell - Trend Micro Zero Day Initiative

Trust: 9.1

sources: ZDI: ZDI-18-516 // ZDI: ZDI-18-519 // ZDI: ZDI-18-523 // ZDI: ZDI-18-525 // ZDI: ZDI-18-509 // ZDI: ZDI-18-511 // ZDI: ZDI-18-501 // ZDI: ZDI-18-506 // ZDI: ZDI-18-502 // ZDI: ZDI-18-503 // ZDI: ZDI-18-512 // ZDI: ZDI-18-521 // ZDI: ZDI-18-522

SOURCES

db:IVDid:e2f10d30-39ab-11e9-ae57-000c29342cb1
db:ZDIid:ZDI-18-516
db:ZDIid:ZDI-18-519
db:ZDIid:ZDI-18-523
db:ZDIid:ZDI-18-525
db:ZDIid:ZDI-18-509
db:ZDIid:ZDI-18-511
db:ZDIid:ZDI-18-513
db:ZDIid:ZDI-18-501
db:ZDIid:ZDI-18-506
db:ZDIid:ZDI-18-502
db:ZDIid:ZDI-18-503
db:ZDIid:ZDI-18-512
db:ZDIid:ZDI-18-521
db:ZDIid:ZDI-18-522
db:CNVDid:CNVD-2018-10713
db:VULHUBid:VHN-137531
db:CNNVDid:CNNVD-201805-446
db:NVDid:CVE-2018-7499

LAST UPDATE DATE

2025-01-03T22:42:54.132000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-516date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-519date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-523date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-525date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-509date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-511date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-513date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-501date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-506date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-502date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-503date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-512date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-521date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-522date:2018-05-18T00:00:00
db:CNVDid:CNVD-2018-10713date:2018-05-31T00:00:00
db:VULHUBid:VHN-137531date:2020-10-02T00:00:00
db:CNNVDid:CNNVD-201805-446date:2020-10-09T00:00:00
db:NVDid:CVE-2018-7499date:2024-11-21T04:12:15.050

SOURCES RELEASE DATE

db:IVDid:e2f10d30-39ab-11e9-ae57-000c29342cb1date:2018-05-31T00:00:00
db:ZDIid:ZDI-18-516date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-519date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-523date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-525date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-509date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-511date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-513date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-501date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-506date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-502date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-503date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-512date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-521date:2018-05-18T00:00:00
db:ZDIid:ZDI-18-522date:2018-05-18T00:00:00
db:CNVDid:CNVD-2018-10713date:2018-05-31T00:00:00
db:VULHUBid:VHN-137531date:2018-05-15T00:00:00
db:CNNVDid:CNNVD-201805-446date:2018-05-16T00:00:00
db:NVDid:CVE-2018-7499date:2018-05-15T22:29:00.503