Sign-up

ID

VAR-201810-0396


CVE

CVE-2018-14816


TITLE

Advantech WebAccess Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-011085 // CNNVD: CNNVD-201810-1188

DESCRIPTION

Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Authentication is not required to exploit this vulnerability.The specific flaw exists within BwCLRptw.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech (Advantech) WebAccess software is the core of Advantech's IoT application platform solution, providing users with a user interface based on HTML5 technology to achieve cross-platform and cross-browser data access experience. A stack buffer overflow vulnerability exists in Advantech WebAccess. Advantech WebAccess is prone to the following security vulnerabilities: 1. A directory-traversal vulnerability 3. An arbitrary-file-deletion vulnerability 4. This may aid in further attacks. Advantech WebAccess 8.3.1 and prior versions are vulnerable

Trust: 10.17

sources: NVD: CVE-2018-14816 // JVNDB: JVNDB-2018-011085 // ZDI: ZDI-18-1311 // ZDI: ZDI-18-1306 // ZDI: ZDI-18-1309 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1303 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1312 // CNVD: CNVD-2018-21935 // BID: 105728 // IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // CNVD: CNVD-2018-21935

AFFECTED PRODUCTS

vendor:advantechmodel:webaccess nodescope: - version: -

Trust: 8.4

vendor:advantechmodel:webaccessscope:lteversion:8.3.1

Trust: 1.8

vendor:advantechmodel:webaccessscope:eqversion:8.3.1

Trust: 0.9

vendor:advantechmodel:webaccessscope:lteversion:<=8.3.1

Trust: 0.6

vendor:advantechmodel:webaccessscope:eqversion:8.3

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.2

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8.1

Trust: 0.3

vendor:advantechmodel:webaccessscope:eqversion:8

Trust: 0.3

vendor:advantechmodel:webaccessscope:neversion:8.3.3

Trust: 0.3

vendor:webaccessmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // ZDI: ZDI-18-1311 // ZDI: ZDI-18-1312 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1303 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1309 // ZDI: ZDI-18-1306 // CNVD: CNVD-2018-21935 // BID: 105728 // JVNDB: JVNDB-2018-011085 // CNNVD: CNNVD-201810-1188 // NVD: CVE-2018-14816

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-14816
value: HIGH

Trust: 8.4

nvd@nist.gov: CVE-2018-14816
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14816
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-21935
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-1188
value: CRITICAL

Trust: 0.6

IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1
value: CRITICAL

Trust: 0.2

ZDI: CVE-2018-14816
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 8.4

nvd@nist.gov: CVE-2018-14816
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21935
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-14816
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-14816
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // ZDI: ZDI-18-1311 // ZDI: ZDI-18-1312 // ZDI: ZDI-18-1308 // ZDI: ZDI-18-1310 // ZDI: ZDI-18-1314 // ZDI: ZDI-18-1307 // ZDI: ZDI-18-1302 // ZDI: ZDI-18-1298 // ZDI: ZDI-18-1303 // ZDI: ZDI-18-1305 // ZDI: ZDI-18-1309 // ZDI: ZDI-18-1306 // CNVD: CNVD-2018-21935 // JVNDB: JVNDB-2018-011085 // CNNVD: CNNVD-201810-1188 // NVD: CVE-2018-14816

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-011085 // NVD: CVE-2018-14816

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1188

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // CNNVD: CNNVD-201810-1188

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011085

PATCH
title:Advantech has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01
Trust: 8.4
title:トップページurl:https://www.advantech.co.jp/
Trust: 0.8
title:Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-21935)url:https://www.cnvd.org.cn/patchInfo/show/143393
Trust: 0.6
title:Advantech WebAccess Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86280
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1311 // 
            
            
            
            ZDI: ZDI-18-1312 // 
            
            
            
            ZDI: ZDI-18-1308 // 
            
            
            
            ZDI: ZDI-18-1310 // 
            
            
            
            ZDI: ZDI-18-1314 // 
            
            
            
            ZDI: ZDI-18-1307 // 
            
            
            
            ZDI: ZDI-18-1302 // 
            
            
            
            ZDI: ZDI-18-1298 // 
            
            
            
            ZDI: ZDI-18-1303 // 
            
            
            
            ZDI: ZDI-18-1305 // 
            
            
            
            ZDI: ZDI-18-1309 // 
            
            
            
            ZDI: ZDI-18-1306 // 
            
            
            
            CNVD: CNVD-2018-21935 // 
            
            
            
            JVNDB: JVNDB-2018-011085 // 
            
            
            
            CNNVD: CNNVD-201810-1188

EXTERNAL IDS
db:NVDid:CVE-2018-14816
Trust: 11.9
db:ICS CERTid:ICSA-18-296-01
Trust: 3.3
db:BIDid:105728
Trust: 2.5
db:SECTRACKid:1041939
Trust: 1.6
db:CNVDid:CNVD-2018-21935
Trust: 0.8
db:CNNVDid:CNNVD-201810-1188
Trust: 0.8
db:JVNDBid:JVNDB-2018-011085
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6299
Trust: 0.7
db:ZDIid:ZDI-18-1311
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6300
Trust: 0.7
db:ZDIid:ZDI-18-1312
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6296
Trust: 0.7
db:ZDIid:ZDI-18-1308
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6298
Trust: 0.7
db:ZDIid:ZDI-18-1310
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6302
Trust: 0.7
db:ZDIid:ZDI-18-1314
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6295
Trust: 0.7
db:ZDIid:ZDI-18-1307
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6289
Trust: 0.7
db:ZDIid:ZDI-18-1302
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6285
Trust: 0.7
db:ZDIid:ZDI-18-1298
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6290
Trust: 0.7
db:ZDIid:ZDI-18-1303
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6293
Trust: 0.7
db:ZDIid:ZDI-18-1305
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6297
Trust: 0.7
db:ZDIid:ZDI-18-1309
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-6294
Trust: 0.7
db:ZDIid:ZDI-18-1306
Trust: 0.7
db:IVDid:E2FEEFE1-39AB-11E9-8E28-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2feefe1-39ab-11e9-8e28-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-1311 // 
            
            
            
            ZDI: ZDI-18-1312 // 
            
            
            
            ZDI: ZDI-18-1308 // 
            
            
            
            ZDI: ZDI-18-1310 // 
            
            
            
            ZDI: ZDI-18-1314 // 
            
            
            
            ZDI: ZDI-18-1307 // 
            
            
            
            ZDI: ZDI-18-1302 // 
            
            
            
            ZDI: ZDI-18-1298 // 
            
            
            
            ZDI: ZDI-18-1303 // 
            
            
            
            ZDI: ZDI-18-1305 // 
            
            
            
            ZDI: ZDI-18-1309 // 
            
            
            
            ZDI: ZDI-18-1306 // 
            
            
            
            CNVD: CNVD-2018-21935 // 
            
            
            
            BID: 105728 // 
            
            
            
            JVNDB: JVNDB-2018-011085 // 
            
            
            
            CNNVD: CNNVD-201810-1188 // 
            
            
            
            NVD: CVE-2018-14816

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01
Trust: 10.7
url:http://www.securityfocus.com/bid/105728
Trust: 1.6
url:http://www.securitytracker.com/id/1041939
Trust: 1.6
url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-01%2c
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14816
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14816
Trust: 0.8
url:http://webaccess.advantech.com
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-1311 // 
            
            
            
            ZDI: ZDI-18-1312 // 
            
            
            
            ZDI: ZDI-18-1308 // 
            
            
            
            ZDI: ZDI-18-1310 // 
            
            
            
            ZDI: ZDI-18-1314 // 
            
            
            
            ZDI: ZDI-18-1307 // 
            
            
            
            ZDI: ZDI-18-1302 // 
            
            
            
            ZDI: ZDI-18-1298 // 
            
            
            
            ZDI: ZDI-18-1303 // 
            
            
            
            ZDI: ZDI-18-1305 // 
            
            
            
            ZDI: ZDI-18-1309 // 
            
            
            
            ZDI: ZDI-18-1306 // 
            
            
            
            CNVD: CNVD-2018-21935 // 
            
            
            
            BID: 105728 // 
            
            
            
            JVNDB: JVNDB-2018-011085 // 
            
            
            
            CNNVD: CNNVD-201810-1188 // 
            
            
            
            NVD: CVE-2018-14816

CREDITS
Mat Powell of Trend Micro Zero Day Initiative
Trust: 8.7
sources:
            
            
            ZDI: ZDI-18-1311 // 
            
            
            
            ZDI: ZDI-18-1312 // 
            
            
            
            ZDI: ZDI-18-1308 // 
            
            
            
            ZDI: ZDI-18-1310 // 
            
            
            
            ZDI: ZDI-18-1314 // 
            
            
            
            ZDI: ZDI-18-1307 // 
            
            
            
            ZDI: ZDI-18-1302 // 
            
            
            
            ZDI: ZDI-18-1298 // 
            
            
            
            ZDI: ZDI-18-1303 // 
            
            
            
            ZDI: ZDI-18-1305 // 
            
            
            
            ZDI: ZDI-18-1309 // 
            
            
            
            ZDI: ZDI-18-1306 // 
            
            
            
            BID: 105728

SOURCES
db:IVDid:e2feefe1-39ab-11e9-8e28-000c29342cb1
db:ZDIid:ZDI-18-1311
db:ZDIid:ZDI-18-1312
db:ZDIid:ZDI-18-1308
db:ZDIid:ZDI-18-1310
db:ZDIid:ZDI-18-1314
db:ZDIid:ZDI-18-1307
db:ZDIid:ZDI-18-1302
db:ZDIid:ZDI-18-1298
db:ZDIid:ZDI-18-1303
db:ZDIid:ZDI-18-1305
db:ZDIid:ZDI-18-1309
db:ZDIid:ZDI-18-1306
db:CNVDid:CNVD-2018-21935
db:BIDid:105728
db:JVNDBid:JVNDB-2018-011085
db:CNNVDid:CNNVD-201810-1188
db:NVDid:CVE-2018-14816

LAST UPDATE DATE
2024-09-15T23:06:50.654000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1311date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1312date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1308date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1310date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1314date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1307date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1302date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1298date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1303date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1305date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1309date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1306date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-21935date:2018-10-28T00:00:00
db:BIDid:105728date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-011085date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-1188date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14816date:2023-11-07T02:53:02.097

SOURCES RELEASE DATE
db:IVDid:e2feefe1-39ab-11e9-8e28-000c29342cb1date:2018-10-28T00:00:00
db:ZDIid:ZDI-18-1311date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1312date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1308date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1310date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1314date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1307date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1302date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1298date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1303date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1305date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1309date:2018-10-24T00:00:00
db:ZDIid:ZDI-18-1306date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-21935date:2018-10-28T00:00:00
db:BIDid:105728date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-011085date:2019-01-07T00:00:00
db:CNNVDid:CNNVD-201810-1188date:2018-10-24T00:00:00
db:NVDid:CVE-2018-14816date:2018-10-23T20:29:00.530