ID

VAR-201810-0391


CVE

CVE-2018-14806


TITLE

Advantech WebAccess Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187

DESCRIPTION

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable

Trust: 3.33

sources: NVD: CVE-2018-14806 // JVNDB: JVNDB-2018-011084 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // BID: 105728 // IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // VULHUB: VHN-125002

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // CNVD: CNVD-2018-21791

AFFECTED PRODUCTS

vendor:advantechmodel:webaccessscope:lteversion:8.3.1

Trust: 1.8

vendor:advantechmodel:webaccessscope:eqversion:8.3.1

Trust: 0.9

vendor:advantechmodel:webaccess nodescope: - version: -

Trust: 0.7

vendor:advantechmodel:webaccessscope:lteversion:<=8.3.1

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.2

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.3.3

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // BID: 105728 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14806
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14806
value: CRITICAL

Trust: 0.8

ZDI: CVE-2018-14806
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-21791
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-1187
value: CRITICAL

Trust: 0.6

IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-125002
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14806
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-14806
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-21791
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-125002
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14806
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // VULHUB: VHN-125002 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-125002 // JVNDB: JVNDB-2018-011084 // NVD: CVE-2018-14806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1187

TYPE

Path traversal

Trust: 0.8

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // CNNVD: CNNVD-201810-1187

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011084

PATCH

title:トップページurl:https://www.advantech.co.jp/

Trust: 0.8

title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01

Trust: 0.7

title:Patch for Advantech WebAccess Path Traversal Vulnerability (CNVD-2018-21791)url:https://www.cnvd.org.cn/patchInfo/show/143181

Trust: 0.6

title:Advantech WebAccess Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86279

Trust: 0.6

sources: ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187

EXTERNAL IDS

db:NVDid:CVE-2018-14806

Trust: 4.3

db:ICS CERTid:ICSA-18-296-01

Trust: 3.4

db:BIDid:105728

Trust: 2.0

db:SECTRACKid:1041939

Trust: 1.7

db:CNNVDid:CNNVD-201810-1187

Trust: 0.9

db:CNVDid:CNVD-2018-21791

Trust: 0.8

db:JVNDBid:JVNDB-2018-011084

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-6288

Trust: 0.7

db:ZDIid:ZDI-18-1301

Trust: 0.7

db:IVDid:E2FE7AB0-39AB-11E9-941D-000C29342CB1

Trust: 0.2

db:VULHUBid:VHN-125002

Trust: 0.1

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // VULHUB: VHN-125002 // BID: 105728 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01

Trust: 3.0

url:http://www.securityfocus.com/bid/105728

Trust: 1.7

url:http://www.securitytracker.com/id/1041939

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14806

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-14806

Trust: 0.8

url:http://webaccess.advantech.com

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01,

Trust: 0.1

sources: ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // VULHUB: VHN-125002 // BID: 105728 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.0

sources: ZDI: ZDI-18-1301 // BID: 105728

SOURCES

db:IVDid:e2fe7ab0-39ab-11e9-941d-000c29342cb1
db:ZDIid:ZDI-18-1301
db:CNVDid:CNVD-2018-21791
db:VULHUBid:VHN-125002
db:BIDid:105728
db:JVNDBid:JVNDB-2018-011084
db:CNNVDid:CNNVD-201810-1187
db:NVDid:CVE-2018-14806

LAST UPDATE DATE

2024-08-14T14:32:56.325000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-18-1301date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-21791date:2018-10-26T00:00:00
db:VULHUBid:VHN-125002date:2019-10-09T00:00:00
db:BIDid:105728date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-011084date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-1187date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14806date:2023-11-07T02:53:01.957

SOURCES RELEASE DATE

db:IVDid:e2fe7ab0-39ab-11e9-941d-000c29342cb1date:2018-10-26T00:00:00
db:ZDIid:ZDI-18-1301date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-21791date:2018-10-25T00:00:00
db:VULHUBid:VHN-125002date:2018-10-23T00:00:00
db:BIDid:105728date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-011084date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-1187date:2018-10-24T00:00:00
db:NVDid:CVE-2018-14806date:2018-10-23T20:29:00.437