Details of VAR-201810-0391

ID

VAR-201810-0391

CVE

CVE-2018-14806

TITLE

Advantech WebAccess Path traversal vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187

DESCRIPTION

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. A stack-based buffer overflow vulnerability 2. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable

Trust: 3.33

sources: NVD: CVE-2018-14806 // JVNDB: JVNDB-2018-011084 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // BID: 105728 // IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // VULHUB: VHN-125002

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // CNVD: CNVD-2018-21791

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	lte	version:	8.3.1	Trust: 1.8
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3.1	Trust: 0.9
vendor:	advantech	model:	webaccess node	scope:	-	version:	-	Trust: 0.7
vendor:	advantech	model:	webaccess	scope:	lte	version:	<=8.3.1	Trust: 0.6
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.3	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.3.3	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // BID: 105728 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14806
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-14806
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2018-14806
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-21791
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201810-1187
value:	CRITICAL
Trust: 0.6
IVD:	e2fe7ab0-39ab-11e9-941d-000c29342cb1
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-125002
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-14806
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2018-14806
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-21791
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fe7ab0-39ab-11e9-941d-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-125002
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14806
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // VULHUB: VHN-125002 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-125002 // JVNDB: JVNDB-2018-011084 // NVD: CVE-2018-14806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1187

TYPE

Path traversal

Trust: 0.8

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // CNNVD: CNNVD-201810-1187

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011084

PATCH

title:	トップページ	url:	https://www.advantech.co.jp/	Trust: 0.8
title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01	Trust: 0.7
title:	Patch for Advantech WebAccess Path Traversal Vulnerability (CNVD-2018-21791)	url:	https://www.cnvd.org.cn/patchInfo/show/143181	Trust: 0.6
title:	Advantech WebAccess Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86279	Trust: 0.6

sources: ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14806	Trust: 4.3
db:	ICS CERT	id:	ICSA-18-296-01	Trust: 3.4
db:	BID	id:	105728	Trust: 2.0
db:	SECTRACK	id:	1041939	Trust: 1.7
db:	CNNVD	id:	CNNVD-201810-1187	Trust: 0.9
db:	CNVD	id:	CNVD-2018-21791	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-011084	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6288	Trust: 0.7
db:	ZDI	id:	ZDI-18-1301	Trust: 0.7
db:	IVD	id:	E2FE7AB0-39AB-11E9-941D-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-125002	Trust: 0.1

sources: IVD: e2fe7ab0-39ab-11e9-941d-000c29342cb1 // ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // VULHUB: VHN-125002 // BID: 105728 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01	Trust: 3.0
url:	http://www.securityfocus.com/bid/105728	Trust: 1.7
url:	http://www.securitytracker.com/id/1041939	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14806	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14806	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-01,	Trust: 0.1

sources: ZDI: ZDI-18-1301 // CNVD: CNVD-2018-21791 // VULHUB: VHN-125002 // BID: 105728 // JVNDB: JVNDB-2018-011084 // CNNVD: CNNVD-201810-1187 // NVD: CVE-2018-14806

CREDITS

Mat Powell of Trend Micro Zero Day Initiative

Trust: 1.0

sources: ZDI: ZDI-18-1301 // BID: 105728

SOURCES

db:	IVD	id:	e2fe7ab0-39ab-11e9-941d-000c29342cb1
db:	ZDI	id:	ZDI-18-1301
db:	CNVD	id:	CNVD-2018-21791
db:	VULHUB	id:	VHN-125002
db:	BID	id:	105728
db:	JVNDB	id:	JVNDB-2018-011084
db:	CNNVD	id:	CNNVD-201810-1187
db:	NVD	id:	CVE-2018-14806

LAST UPDATE DATE

2024-08-14T14:32:56.325000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1301	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21791	date:	2018-10-26T00:00:00
db:	VULHUB	id:	VHN-125002	date:	2019-10-09T00:00:00
db:	BID	id:	105728	date:	2018-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-011084	date:	2019-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201810-1187	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-14806	date:	2023-11-07T02:53:01.957

SOURCES RELEASE DATE

db:	IVD	id:	e2fe7ab0-39ab-11e9-941d-000c29342cb1	date:	2018-10-26T00:00:00
db:	ZDI	id:	ZDI-18-1301	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21791	date:	2018-10-25T00:00:00
db:	VULHUB	id:	VHN-125002	date:	2018-10-23T00:00:00
db:	BID	id:	105728	date:	2018-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-011084	date:	2019-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201810-1187	date:	2018-10-24T00:00:00
db:	NVD	id:	CVE-2018-14806	date:	2018-10-23T20:29:00.437